Search CVE reports

21 – 30 of 62 results

Detailed view

Sort by:

CVE-2022-35951

Medium priority

Ignored

Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted...

1 affected packages

redis

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
redis	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2022-31144

Medium priority

Ignored

Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions...

1 affected packages

redis

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
redis	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2022-33105

Medium priority

Ignored

Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.

1 affected packages

redis

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
redis	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2022-24736

Medium priority

Vulnerable

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the...

1 affected packages

redis

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
redis	Not affected	Vulnerable	Vulnerable	Vulnerable	Vulnerable

CVE-2022-24735

Medium priority

Needs evaluation

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with...

1 affected packages

redis

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
redis	Not affected	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-0543

Medium priority

Fixed

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

1 affected packages

redis

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
redis	—	—	Fixed	Not affected	Not affected

CVE-2021-43519

Low priority

Needs evaluation

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

45 affected packages

ardour, bam, blobby, ceph, darktable...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ardour	Not affected	Not affected	Not affected	Not affected	Not affected
bam	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
blobby	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ceph	Not affected	Not affected	Not affected	Not affected	Not affected
darktable	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
eja	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
emscripten	Needs evaluation	Needs evaluation	—	Needs evaluation	Needs evaluation
enigma	Not affected	Not affected	Not affected	Not affected	Not affected
freeciv	Not affected	Not affected	Not affected	Not affected	Not affected
freedroidrpg	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
fs-uae	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golly	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
goxel	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
grub2	Not affected	Not affected	Not affected	Not affected	Not affected
gtk2-engines	Not affected	Not affected	Not affected	Not affected	Not affected
haskell-hslua	Not affected	Not affected	Not affected	Not affected	Not affected
hedgewars	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.1	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.2	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.3	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.4	Not affected	Not affected	Not in release	Not in release	Not in release
lua50	Not in release	Not in release	Not affected	Not affected	Not affected
luajit	Not affected	Not affected	Not affected	Not affected	Not affected
mame	Not affected	Not affected	Not affected	Not affected	Not affected
naev	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
openscenegraph	Not affected	Not affected	Not affected	Not affected	Not affected
redis	Not affected	Not affected	Not affected	Not affected	Not affected
rust-lua52-sys	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
scite	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
scorched3d	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
scummvm	Not affected	Not affected	Not affected	Not affected	Not affected
spring	Not affected	Not affected	Not affected	Not affected	Not affected
syslinux	Not affected	Not affected	Not affected	Not affected	Not affected
syslinux-legacy	Not in release	Not in release	Not affected	Not affected	Not affected
tagua	Not affected	Not affected	Not affected	Not affected	Not affected
tarantool	Needs evaluation	Needs evaluation	Needs evaluation	—	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
tup	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
ufoai	Not affected	Not affected	Not affected	Not affected	Not affected
vifm	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
wcc	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
wesnoth	—	—	—	—	Ignored
widelands	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmoto	Not affected	Not affected	Not affected	Not affected	Not affected
zfs-linux	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2021-32765

Medium priority

Vulnerable

Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing...

1 affected packages

hiredis

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
hiredis	Not affected	Not affected	Not affected	Not affected	Vulnerable

CVE-2021-41099

Medium priority

Some fixes available 2 of 4

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution....

1 affected packages

redis

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
redis	Not affected	Not affected	Fixed	Fixed	Not affected

CVE-2021-32762

Negligible priority

Needs evaluation

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies....

7 affected packages

discque, hiredis, nginx, python-hiredis, redis...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
discque	Not in release	Not in release	Not in release	Not in release	Ignored
hiredis	Not affected	Not affected	Not affected	Not affected	Needs evaluation
nginx	Not affected	Not affected	Not affected	Not affected	Not affected
python-hiredis	Not affected	Not affected	Not affected	Not affected	Needs evaluation
redis	Not affected	Not affected	Not affected	Not affected	Needs evaluation
rspamd	Not affected	Not affected	Not affected	Not in release	Ignored
webdis	Not affected	Not affected	Not affected	Not in release	Needs evaluation

Export to JSON

Results by page: