Redis.json

{
    "CVE-2024-46981": {
        "CVE-ID": "CVE-2024-46981",
        "NVD": {
            "Descriptions": "Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 7,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": []
        },
        "Official": {
            "8.0-M03": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/8.0-m03"
                ]
            },
            "7.4.2": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.4.2"
                ]
            },
            "7.2.7": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.2.7"
                ]
            },
            "6.2.17": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.17",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2024-51741": {
        "CVE-ID": "CVE-2024-51741",
        "NVD": {
            "Descriptions": "Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 4.4,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "CPEs": []
        },
        "Official": {
            "8.0-M03": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/8.0-m03"
                ]
            },
            "7.4.2": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.4.2"
                ]
            },
            "7.2.7": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.2.7"
                ]
            }
        }
    },
    "CVE-2024-31449": {
        "CVE-ID": "CVE-2024-31449",
        "NVD": {
            "Descriptions": "Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 7,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": []
        },
        "Official": {
            "8.0-M02": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/8.0-m02"
                ]
            },
            "7.4.1": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.4.1"
                ]
            },
            "7.2.6": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.2.6"
                ]
            },
            "6.2.16": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.16",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2024-31227": {
        "CVE-ID": "CVE-2024-31227",
        "NVD": {
            "Descriptions": "Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 4.4,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "CPEs": []
        },
        "Official": {
            "8.0-M02": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/8.0-m02"
                ]
            },
            "7.4.1": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.4.1"
                ]
            },
            "7.2.6": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.2.6"
                ]
            }
        }
    },
    "CVE-2024-31228": {
        "CVE-ID": "CVE-2024-31228",
        "NVD": {
            "Descriptions": "Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 5.5,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "CPEs": []
        },
        "Official": {
            "8.0-M02": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/8.0-m02"
                ]
            },
            "7.4.1": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.4.1"
                ]
            },
            "7.2.6": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.2.6"
                ]
            },
            "6.2.16": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.16",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2023-41056": {
        "CVE-ID": "CVE-2023-41056",
        "NVD": {
            "Descriptions": "Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 8.1,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:fedoraproject:fedora:39",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:38",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "7.0.9",
                    "VersionEndExcluding": "7.0.15",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "7.2.0",
                    "VersionEndExcluding": "7.2.4",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "7.2.4": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.2.4"
                ]
            },
            "7.0.15": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.0.15",
                    "https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2023-45145": {
        "CVE-ID": "CVE-2023-45145",
        "NVD": {
            "Descriptions": "Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 3.6,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "CPEs": [
                {
                    "URI": "cpe:/o:fedoraproject:fedora:39",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:38",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:37",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:10.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis:2.6.0:rc1",
                    "FormattedString": "cpe:2.3:a:redis:redis:2.6.0:rc1:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "2.6.0",
                    "VersionEndExcluding": "6.2.14",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "7.0.0",
                    "VersionEndExcluding": "7.0.14",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "7.2.0",
                    "VersionEndExcluding": "7.2.2",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "7.2.2": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.2.2"
                ]
            },
            "7.0.14": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.0.14",
                    "https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES"
                ]
            },
            "6.2.14": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.14",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2023-41053": {
        "CVE-ID": "CVE-2023-41053",
        "NVD": {
            "Descriptions": "Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 3.3,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "CPEs": [
                {
                    "URI": "cpe:/a:redis:redis:7.2.0:rc3",
                    "FormattedString": "cpe:2.3:a:redis:redis:7.2.0:rc3:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis:7.2.0:rc2",
                    "FormattedString": "cpe:2.3:a:redis:redis:7.2.0:rc2:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis:7.2.0:rc1",
                    "FormattedString": "cpe:2.3:a:redis:redis:7.2.0:rc1:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis:7.2.0:-",
                    "FormattedString": "cpe:2.3:a:redis:redis:7.2.0:-:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "7.0",
                    "VersionEndExcluding": "7.0.13",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "7.2.1": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.2.1"
                ]
            },
            "7.0.13": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.0.13",
                    "https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2022-24834": {
        "CVE-ID": "CVE-2022-24834",
        "NVD": {
            "Descriptions": "Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 7,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:fedoraproject:fedora:38",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:37",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "2.6.0",
                    "VersionEndExcluding": "6.0.20",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.2.0",
                    "VersionEndExcluding": "6.2.13",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "7.0.0",
                    "VersionEndExcluding": "7.0.12",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "7.0.12": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.0.12",
                    "https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES"
                ]
            },
            "7.2-rc3": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.2-rc3"
                ]
            },
            "6.2.13": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.13",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            },
            "6.0.20": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.0.20",
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2023-36824": {
        "CVE-ID": "CVE-2023-36824",
        "NVD": {
            "Descriptions": "Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.\n\n",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 7.4,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:fedoraproject:fedora:38",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:37",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "7.0.0",
                    "VersionEndExcluding": "7.0.12",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "7.0.12": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.0.12",
                    "https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES"
                ]
            },
            "7.2-rc3": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.2-rc3"
                ]
            }
        }
    },
    "CVE-2023-28856": {
        "CVE-ID": "CVE-2023-28856",
        "NVD": {
            "Descriptions": "Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 5.5,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:fedoraproject:fedora:38",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:37",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:36",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:10.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "6.0.19",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.2.0",
                    "VersionEndExcluding": "6.2.12",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "7.0.0",
                    "VersionEndExcluding": "7.0.11",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "7.0.11": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.0.11",
                    "https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES"
                ]
            },
            "6.2.12": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.12",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            },
            "6.0.19": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.0.19",
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2023-28425": {
        "CVE-ID": "CVE-2023-28425",
        "NVD": {
            "Descriptions": "Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 5.5,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "7.0.8",
                    "VersionEndExcluding": "7.0.10",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "7.0.10": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.0.10",
                    "https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2023-25155": {
        "CVE-ID": "CVE-2023-25155",
        "NVD": {
            "Descriptions": "Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 5.5,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "6.0.18",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.2.0",
                    "VersionEndExcluding": "6.2.11",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "7.0.0",
                    "VersionEndExcluding": "7.0.9",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "7.0.9": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.0.9",
                    "https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES"
                ]
            },
            "6.2.11": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.11",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            },
            "6.0.18": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.0.18",
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2022-36021": {
        "CVE-ID": "CVE-2022-36021",
        "NVD": {
            "Descriptions": "Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.\n",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 5.5,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "6.0.18",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.2.0",
                    "VersionEndExcluding": "6.2.11",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "7.0.0",
                    "VersionEndExcluding": "7.0.9",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "7.0.9": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.0.9",
                    "https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES"
                ]
            },
            "6.2.11": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.11",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            },
            "6.0.18": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.0.18",
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2022-35977": {
        "CVE-ID": "CVE-2022-35977",
        "NVD": {
            "Descriptions": "Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 5.5,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.0.0",
                    "VersionEndExcluding": "6.0.17",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.2.0",
                    "VersionEndExcluding": "6.2.9",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "7.0.0",
                    "VersionEndExcluding": "7.0.8",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "6.0.17": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.0.17",
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            },
            "7.0.8": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.0.8",
                    "https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES"
                ]
            },
            "6.2.9": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.9",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2023-22458": {
        "CVE-ID": "CVE-2023-22458",
        "NVD": {
            "Descriptions": "Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 5.5,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.2.0",
                    "VersionEndExcluding": "6.2.9",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "7.0.0",
                    "VersionEndExcluding": "7.0.8",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "7.0.8": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.0.8",
                    "https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES"
                ]
            },
            "6.2.9": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.9",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2022-35951": {
        "CVE-ID": "CVE-2022-35951",
        "NVD": {
            "Descriptions": "Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist.",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 7,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:fedoraproject:fedora:37",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "7.0.0",
                    "VersionEndExcluding": "7.0.5",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "7.0.5": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.0.5",
                    "https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2022-31144": {
        "CVE-ID": "CVE-2022-31144",
        "NVD": {
            "Descriptions": "Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4.",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 7,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "7.0",
                    "VersionEndExcluding": "7.0.4",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "7.0.4": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.0.4",
                    "https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2022-24736": {
        "CVE-ID": "CVE-2022-24736",
        "NVD": {
            "Descriptions": "Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.",
            "Cvss2_BaseScore": 2.1,
            "Cvss3_BaseScore": 3.3,
            "Cvss2_VectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "CPEs": [
                {
                    "URI": "cpe:/o:fedoraproject:fedora:36",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:35",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:34",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis:7.0:rc3",
                    "FormattedString": "cpe:2.3:a:redis:redis:7.0:rc3:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis:7.0:rc2",
                    "FormattedString": "cpe:2.3:a:redis:redis:7.0:rc2:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis:7.0:rc1",
                    "FormattedString": "cpe:2.3:a:redis:redis:7.0:rc1:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "6.2.7",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:5.0",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.4",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.3",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:netapp:management_services_for_netapp_hci:-",
                    "FormattedString": "cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:netapp:management_services_for_element_software:-",
                    "FormattedString": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "7.0.0": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.0.0",
                    "https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES"
                ]
            },
            "6.2.7": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.7",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2022-24735": {
        "CVE-ID": "CVE-2022-24735",
        "NVD": {
            "Descriptions": "Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.",
            "Cvss2_BaseScore": 6.8,
            "Cvss3_BaseScore": 3.9,
            "Cvss2_VectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "CPEs": [
                {
                    "URI": "cpe:/o:fedoraproject:fedora:36",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:35",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:34",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis:7.0:rc3",
                    "FormattedString": "cpe:2.3:a:redis:redis:7.0:rc3:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis:7.0:rc2",
                    "FormattedString": "cpe:2.3:a:redis:redis:7.0:rc2:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis:7.0:rc1",
                    "FormattedString": "cpe:2.3:a:redis:redis:7.0:rc1:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "6.2.7",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:5.0",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.4",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.3",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:netapp:management_services_for_netapp_hci:-",
                    "FormattedString": "cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:netapp:management_services_for_element_software:-",
                    "FormattedString": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "7.0.0": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/7.0.0",
                    "https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES"
                ]
            },
            "6.2.7": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.7",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2021-41099": {
        "CVE-ID": "CVE-2021-41099",
        "NVD": {
            "Descriptions": "Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.",
            "Cvss2_BaseScore": 6,
            "Cvss3_BaseScore": 7.5,
            "Cvss2_VectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:fedoraproject:fedora:35",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:34",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:33",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:11.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:10.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "5.0.0",
                    "VersionEndExcluding": "5.0.14",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.0.0",
                    "VersionEndExcluding": "6.0.16",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.2.0",
                    "VersionEndExcluding": "6.2.6",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:5.0",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.4",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.3",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:netapp:management_services_for_element_software_and_netapp_hci:-",
                    "FormattedString": "cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "6.2.6": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.6",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            },
            "6.0.16": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.0.16",
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            },
            "5.0.14": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/5.0.14",
                    "https://raw.githubusercontent.com/redis/redis/5.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2021-32762": {
        "CVE-ID": "CVE-2021-32762",
        "NVD": {
            "Descriptions": "Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14.",
            "Cvss2_BaseScore": 9,
            "Cvss3_BaseScore": 7.5,
            "Cvss2_VectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:fedoraproject:fedora:35",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:34",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:33",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:11.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:10.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "5.0.0",
                    "VersionEndExcluding": "5.0.14",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.0.0",
                    "VersionEndExcluding": "6.0.16",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.2.0",
                    "VersionEndExcluding": "6.2.6",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:5.0",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.4",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.3",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:netapp:management_services_for_netapp_hci:-",
                    "FormattedString": "cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:netapp:management_services_for_element_software:-",
                    "FormattedString": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "6.2.6": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.6",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            },
            "6.0.16": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.0.16",
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            },
            "5.0.14": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/5.0.14",
                    "https://raw.githubusercontent.com/redis/redis/5.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2021-32687": {
        "CVE-ID": "CVE-2021-32687",
        "NVD": {
            "Descriptions": "Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.",
            "Cvss2_BaseScore": 6,
            "Cvss3_BaseScore": 7.5,
            "Cvss2_VectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:fedoraproject:fedora:35",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:34",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:33",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:11.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:10.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "5.0.0",
                    "VersionEndExcluding": "5.0.14",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.0.0",
                    "VersionEndExcluding": "6.0.16",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.2.0",
                    "VersionEndExcluding": "6.2.6",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:5.0",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.4",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.3",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:netapp:management_services_for_netapp_hci:-",
                    "FormattedString": "cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:netapp:management_services_for_element_software:-",
                    "FormattedString": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "6.2.6": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.6",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            },
            "6.0.16": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.0.16",
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            },
            "5.0.14": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/5.0.14",
                    "https://raw.githubusercontent.com/redis/redis/5.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2021-32675": {
        "CVE-ID": "CVE-2021-32675",
        "NVD": {
            "Descriptions": "Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates.",
            "Cvss2_BaseScore": 5,
            "Cvss3_BaseScore": 7.5,
            "Cvss2_VectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:fedoraproject:fedora:35",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:34",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:33",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:11.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:10.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "5.0.0",
                    "VersionEndExcluding": "5.0.14",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.0.0",
                    "VersionEndExcluding": "6.0.16",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.2.0",
                    "VersionEndExcluding": "6.2.6",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:5.0",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.4",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.3",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:netapp:management_services_for_netapp_hci:-",
                    "FormattedString": "cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:netapp:management_services_for_element_software:-",
                    "FormattedString": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "6.2.6": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.6",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            },
            "6.0.16": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.0.16",
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            },
            "5.0.14": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/5.0.14",
                    "https://raw.githubusercontent.com/redis/redis/5.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2021-32672": {
        "CVE-ID": "CVE-2021-32672",
        "NVD": {
            "Descriptions": "Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger\u2019s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.",
            "Cvss2_BaseScore": 4,
            "Cvss3_BaseScore": 5.3,
            "Cvss2_VectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "CPEs": [
                {
                    "URI": "cpe:/o:redhat:enterprise_linux:8.0",
                    "FormattedString": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:35",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:34",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:33",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:11.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:10.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "3.2.0",
                    "VersionEndExcluding": "5.0.14",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.0.0",
                    "VersionEndExcluding": "6.0.16",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.2.0",
                    "VersionEndExcluding": "6.2.6",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redhat:software_collections:-",
                    "FormattedString": "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:5.0",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.4",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.3",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:netapp:management_services_for_netapp_hci:-",
                    "FormattedString": "cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:netapp:management_services_for_element_software:-",
                    "FormattedString": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "6.2.6": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.6",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            },
            "6.0.16": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.0.16",
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            },
            "5.0.14": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/5.0.14",
                    "https://raw.githubusercontent.com/redis/redis/5.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2021-32628": {
        "CVE-ID": "CVE-2021-32628",
        "NVD": {
            "Descriptions": "Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.",
            "Cvss2_BaseScore": 6,
            "Cvss3_BaseScore": 7.5,
            "Cvss2_VectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:fedoraproject:fedora:35",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:34",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:33",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:11.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:10.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "5.0.0",
                    "VersionEndExcluding": "5.0.14",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.0.0",
                    "VersionEndExcluding": "6.0.16",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.2.0",
                    "VersionEndExcluding": "6.2.6",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:5.0",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.4",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.3",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:netapp:management_services_for_netapp_hci:-",
                    "FormattedString": "cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:netapp:management_services_for_element_software:-",
                    "FormattedString": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "6.2.6": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.6",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            },
            "6.0.16": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.0.16",
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            },
            "5.0.14": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/5.0.14",
                    "https://raw.githubusercontent.com/redis/redis/5.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2021-32627": {
        "CVE-ID": "CVE-2021-32627",
        "NVD": {
            "Descriptions": "Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very large values and constructing specially crafted very large stream elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.",
            "Cvss2_BaseScore": 6,
            "Cvss3_BaseScore": 7.5,
            "Cvss2_VectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:fedoraproject:fedora:35",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:34",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:33",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:11.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:10.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "5.0.0",
                    "VersionEndExcluding": "5.0.14",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.0.0",
                    "VersionEndExcluding": "6.0.16",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.2.0",
                    "VersionEndExcluding": "6.2.6",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:5.0",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.4",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.3",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:netapp:management_services_for_netapp_hci:-",
                    "FormattedString": "cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:netapp:management_services_for_element_software:-",
                    "FormattedString": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "6.2.6": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.6",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            },
            "6.0.16": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.0.16",
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            },
            "5.0.14": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/5.0.14",
                    "https://raw.githubusercontent.com/redis/redis/5.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2021-32626": {
        "CVE-ID": "CVE-2021-32626",
        "NVD": {
            "Descriptions": "Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.",
            "Cvss2_BaseScore": 6.5,
            "Cvss3_BaseScore": 7.5,
            "Cvss2_VectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:fedoraproject:fedora:35",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:34",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:33",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:11.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:10.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "2.6",
                    "VersionEndExcluding": "5.0.14",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.0.0",
                    "VersionEndExcluding": "6.0.16",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.2.0",
                    "VersionEndExcluding": "6.2.6",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:5.0",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.4",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.3",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:netapp:management_services_for_netapp_hci:-",
                    "FormattedString": "cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:netapp:management_services_for_element_software:-",
                    "FormattedString": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "6.2.6": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.6",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            },
            "6.0.16": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.0.16",
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            },
            "5.0.14": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/5.0.14",
                    "https://raw.githubusercontent.com/redis/redis/5.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2021-32761": {
        "CVE-ID": "CVE-2021-32761",
        "NVD": {
            "Descriptions": "Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.",
            "Cvss2_BaseScore": 6,
            "Cvss3_BaseScore": 7.5,
            "Cvss2_VectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:fedoraproject:fedora:34",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:33",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:9.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:11.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:10.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "2.2.0",
                    "VersionEndExcluding": "5.0.13",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.0",
                    "VersionEndExcluding": "6.0.15",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.2.0",
                    "VersionEndExcluding": "6.2.5",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "6.2.5": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.5",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            },
            "6.0.15": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.0.15",
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            },
            "5.0.13": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/5.0.13",
                    "https://raw.githubusercontent.com/redis/redis/5.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2021-32625": {
        "CVE-ID": "CVE-2021-32625",
        "NVD": {
            "Descriptions": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB).",
            "Cvss2_BaseScore": 6.5,
            "Cvss3_BaseScore": 7.5,
            "Cvss2_VectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:fedoraproject:fedora:34",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:33",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis:::~~~~x84~",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:x84:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.0.0",
                    "VersionEndExcluding": "6.0.14",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis:::~~~~x84~",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:x84:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.2.0",
                    "VersionEndExcluding": "6.2.4",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "6.2.4": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.4",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            },
            "6.0.14": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.0.14",
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2021-29477": {
        "CVE-ID": "CVE-2021-29477",
        "NVD": {
            "Descriptions": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command.",
            "Cvss2_BaseScore": 6.5,
            "Cvss3_BaseScore": 7.5,
            "Cvss2_VectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:fedoraproject:fedora:34",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:33",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.0.0",
                    "VersionEndExcluding": "6.0.13",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.2.0",
                    "VersionEndExcluding": "6.2.3",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "6.2.4": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.4",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            },
            "6.0.14": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.0.14",
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            },
            "6.2.3": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.3",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            },
            "6.0.13": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.0.13",
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2021-29478": {
        "CVE-ID": "CVE-2021-29478",
        "NVD": {
            "Descriptions": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command.",
            "Cvss2_BaseScore": 6,
            "Cvss3_BaseScore": 7.5,
            "Cvss2_VectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:fedoraproject:fedora:34",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:fedoraproject:fedora:33",
                    "FormattedString": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.2.0",
                    "VersionEndExcluding": "6.2.3",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "6.2.3": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.3",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            },
            "6.0.13": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.0.13",
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2021-21309": {
        "CVE-ID": "CVE-2021-21309",
        "NVD": {
            "Descriptions": "Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the \u201cCONFIG SET proto-max-bulk-len\u201d to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways.",
            "Cvss2_BaseScore": 6.5,
            "Cvss3_BaseScore": 5.4,
            "Cvss2_VectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L",
            "CPEs": [
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "4.0",
                    "VersionEndExcluding": "5.0.11",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.0.0",
                    "VersionEndExcluding": "6.0.11",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "6.2.0": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.2.0",
                    "https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES"
                ]
            },
            "6.0.11": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/6.0.11",
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            },
            "5.0.11": {
                "source": [
                    "https://github.com/redis/redis/releases/tag/5.0.11",
                    "https://raw.githubusercontent.com/redis/redis/5.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2015-8080": {
        "CVE-ID": "CVE-2015-8080",
        "NVD": {
            "Descriptions": "Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.",
            "Cvss2_BaseScore": 5,
            "Cvss3_BaseScore": 7.5,
            "Cvss2_VectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:opensuse:opensuse:13.2",
                    "FormattedString": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:opensuse:leap:42.1",
                    "FormattedString": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:9.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:8.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "2.8.0",
                    "VersionEndExcluding": "2.8.24",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "3.0.0",
                    "VersionEndExcluding": "3.0.6",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "5.0.0",
                    "VersionEndExcluding": "5.0.8",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redhat:openstack:7.0",
                    "FormattedString": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redhat:openstack:6.0",
                    "FormattedString": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        },
        "Official": {
            "6.0": {
                "source": [
                    "https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES"
                ]
            },
            "5.0.8": {
                "source": [
                    "https://raw.githubusercontent.com/redis/redis/5.0/00-RELEASENOTES"
                ]
            }
        }
    },
    "CVE-2013-0178": {
        "CVE-ID": "CVE-2013-0178",
        "NVD": {
            "Descriptions": "Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.",
            "Cvss2_BaseScore": 3.6,
            "Cvss3_BaseScore": 5.5,
            "Cvss2_VectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "CPEs": [
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "2.6.0",
                    "VersionEndIncluding": ""
                }
            ]
        }
    },
    "CVE-2013-0180": {
        "CVE-ID": "CVE-2013-0180",
        "NVD": {
            "Descriptions": "Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds.",
            "Cvss2_BaseScore": 3.6,
            "Cvss3_BaseScore": 5.5,
            "Cvss2_VectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "CPEs": [
                {
                    "URI": "cpe:/a:redislabs:redis:2.6.0",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:2.6.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        }
    },
    "CVE-2013-7458": {
        "CVE-ID": "CVE-2013-7458",
        "NVD": {
            "Descriptions": "linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.",
            "Cvss2_BaseScore": 2.1,
            "Cvss3_BaseScore": 3.3,
            "Cvss2_VectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "Cvss3_VectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "CPEs": [
                {
                    "URI": "cpe:/o:debian:debian_linux:8.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": "3.2.2"
                }
            ]
        }
    },
    "CVE-2015-4335": {
        "CVE-ID": "CVE-2015-4335",
        "NVD": {
            "Descriptions": "Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.",
            "Cvss2_BaseScore": 10,
            "Cvss3_BaseScore": 0,
            "Cvss2_VectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "Cvss3_VectorString": "",
            "CPEs": [
                {
                    "URI": "cpe:/o:debian:debian_linux:9.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:8.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis:3.0.1",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:3.0.1:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis:3.0.0",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:3.0.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": "2.8.20"
                }
            ]
        }
    },
    "CVE-2016-10517": {
        "CVE-ID": "CVE-2016-10517",
        "NVD": {
            "Descriptions": "networking.c in Redis before 3.2.7 allows \"Cross Protocol Scripting\" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).",
            "Cvss2_BaseScore": 4.3,
            "Cvss3_BaseScore": 7.4,
            "Cvss2_VectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "Cvss3_VectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "CPEs": [
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "3.2.7",
                    "VersionEndIncluding": ""
                }
            ]
        }
    },
    "CVE-2016-8339": {
        "CVE-ID": "CVE-2016-8339",
        "NVD": {
            "Descriptions": "A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.",
            "Cvss2_BaseScore": 7.5,
            "Cvss3_BaseScore": 6.6,
            "Cvss2_VectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/a:redislabs:redis:3.2.3",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:3.2.3:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis:3.2.2",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:3.2.2:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis:3.2.1",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:3.2.1:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis:3.2.0",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:3.2.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        }
    },
    "CVE-2017-15047": {
        "CVE-ID": "CVE-2017-15047",
        "NVD": {
            "Descriptions": "The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging \"limited access to the machine.\"",
            "Cvss2_BaseScore": 7.5,
            "Cvss3_BaseScore": 9.8,
            "Cvss2_VectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/a:redislabs:redis:4.0.2",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:4.0.2:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        }
    },
    "CVE-2018-11218": {
        "CVE-ID": "CVE-2018-11218",
        "NVD": {
            "Descriptions": "Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.",
            "Cvss2_BaseScore": 7.5,
            "Cvss3_BaseScore": 9.8,
            "Cvss2_VectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:debian:debian_linux:9.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis:5.0:rc1",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:5.0:rc1:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "3.2.12",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "4.0",
                    "VersionEndExcluding": "4.0.10",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redhat:openstack:13",
                    "FormattedString": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redhat:openstack:10",
                    "FormattedString": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.0",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:3.4",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        }
    },
    "CVE-2018-11219": {
        "CVE-ID": "CVE-2018-11219",
        "NVD": {
            "Descriptions": "An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.",
            "Cvss2_BaseScore": 7.5,
            "Cvss3_BaseScore": 9.8,
            "Cvss2_VectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:debian:debian_linux:9.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis:5.0:rc1",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:5.0:rc1:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "3.2.12",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "4.0",
                    "VersionEndExcluding": "4.0.10",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redhat:openstack:13",
                    "FormattedString": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redhat:openstack:10",
                    "FormattedString": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.0",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:3.4",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        }
    },
    "CVE-2018-12326": {
        "CVE-ID": "CVE-2018-12326",
        "NVD": {
            "Descriptions": "Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.",
            "Cvss2_BaseScore": 4.6,
            "Cvss3_BaseScore": 8.4,
            "Cvss2_VectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/a:redislabs:redis:5.0:rc2",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:5.0:rc2:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis:5.0:rc1",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:5.0:rc1:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "4.0.10",
                    "VersionEndIncluding": ""
                }
            ]
        }
    },
    "CVE-2018-12453": {
        "CVE-ID": "CVE-2018-12453",
        "NVD": {
            "Descriptions": "Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.",
            "Cvss2_BaseScore": 5,
            "Cvss3_BaseScore": 7.5,
            "Cvss2_VectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "Cvss3_VectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "5.0",
                    "VersionEndIncluding": ""
                }
            ]
        }
    },
    "CVE-2019-10192": {
        "CVE-ID": "CVE-2019-10192",
        "NVD": {
            "Descriptions": "A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.",
            "Cvss2_BaseScore": 6.5,
            "Cvss3_BaseScore": 7.2,
            "Cvss2_VectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:redhat:enterprise_linux_server_tus:8.4",
                    "FormattedString": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:redhat:enterprise_linux_server_tus:8.2",
                    "FormattedString": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:redhat:enterprise_linux_server_aus:8.4",
                    "FormattedString": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:redhat:enterprise_linux_server_aus:8.2",
                    "FormattedString": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:redhat:enterprise_linux_eus:8.4",
                    "FormattedString": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:redhat:enterprise_linux_eus:8.2",
                    "FormattedString": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:redhat:enterprise_linux_eus:8.1",
                    "FormattedString": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:redhat:enterprise_linux:8.0",
                    "FormattedString": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:9.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:10.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:canonical:ubuntu_linux:19.04",
                    "FormattedString": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~",
                    "FormattedString": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~",
                    "FormattedString": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "3.0.0",
                    "VersionEndExcluding": "3.2.13",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "4.0.0",
                    "VersionEndExcluding": "4.0.14",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "5.0",
                    "VersionEndExcluding": "5.0.4",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redhat:software_collections:1.0",
                    "FormattedString": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redhat:openstack:9",
                    "FormattedString": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redhat:openstack:14",
                    "FormattedString": "cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redhat:openstack:13",
                    "FormattedString": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redhat:openstack:10",
                    "FormattedString": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.1",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:3.4",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        }
    },
    "CVE-2019-10193": {
        "CVE-ID": "CVE-2019-10193",
        "NVD": {
            "Descriptions": "A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.",
            "Cvss2_BaseScore": 6.5,
            "Cvss3_BaseScore": 7.2,
            "Cvss2_VectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "Cvss3_VectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:redhat:enterprise_linux_server_tus:8.4",
                    "FormattedString": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:redhat:enterprise_linux_server_tus:8.2",
                    "FormattedString": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:redhat:enterprise_linux_server_aus:8.4",
                    "FormattedString": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:redhat:enterprise_linux_server_aus:8.2",
                    "FormattedString": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:redhat:enterprise_linux_eus:8.4",
                    "FormattedString": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:redhat:enterprise_linux_eus:8.2",
                    "FormattedString": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:redhat:enterprise_linux_eus:8.1",
                    "FormattedString": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:redhat:enterprise_linux:8.0",
                    "FormattedString": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:9.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:10.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:canonical:ubuntu_linux:19.04",
                    "FormattedString": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~",
                    "FormattedString": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~",
                    "FormattedString": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "3.0.0",
                    "VersionEndExcluding": "3.2.13",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "4.0.0",
                    "VersionEndExcluding": "4.0.14",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "5.0",
                    "VersionEndExcluding": "5.0.4",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redhat:openstack:9",
                    "FormattedString": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redhat:openstack:14",
                    "FormattedString": "cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redhat:openstack:13",
                    "FormattedString": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redhat:openstack:10",
                    "FormattedString": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.1",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:3.4",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        }
    },
    "CVE-2020-14147": {
        "CVE-ID": "CVE-2020-14147",
        "NVD": {
            "Descriptions": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.",
            "Cvss2_BaseScore": 4,
            "Cvss3_BaseScore": 7.7,
            "Cvss2_VectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/o:suse:linux_enterprise:12.0",
                    "FormattedString": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/o:debian:debian_linux:10.0",
                    "FormattedString": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "5.0.9",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.0.0",
                    "VersionEndExcluding": "6.0.3",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.3",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.2",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:4.1",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:oracle:communications_operations_monitor:3.4",
                    "FormattedString": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        }
    },
    "CVE-2020-21468": {
        "CVE-ID": "CVE-2020-21468",
        "NVD": {
            "Descriptions": "A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7",
            "Cvss2_BaseScore": 5,
            "Cvss3_BaseScore": 7.5,
            "Cvss2_VectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/a:redislabs:redis:5.0.7",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:5.0.7:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        }
    },
    "CVE-2021-3470": {
        "CVE-ID": "CVE-2021-3470",
        "NVD": {
            "Descriptions": "A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc.",
            "Cvss2_BaseScore": 5,
            "Cvss3_BaseScore": 5.3,
            "Cvss2_VectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "CPEs": [
                {
                    "URI": "cpe:/a:redislabs:redis:6.2.0:rc3",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:6.2.0:rc3:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis:6.2.0:rc2",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:6.2.0:rc2:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis:6.2.0:rc1",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:6.2.0:rc1:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "5.0.10",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redislabs:redis",
                    "FormattedString": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "6.0.0",
                    "VersionEndExcluding": "6.0.9",
                    "VersionEndIncluding": ""
                }
            ]
        }
    },
    "CVE-2021-31294": {
        "CVE-ID": "CVE-2021-31294",
        "NVD": {
            "Descriptions": "Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 5.9,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "6.2.0",
                    "VersionEndIncluding": ""
                }
            ]
        }
    },
    "CVE-2022-0543": {
        "CVE-ID": "CVE-2022-0543",
        "NVD": {
            "Descriptions": "It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.",
            "Cvss2_BaseScore": 10,
            "Cvss3_BaseScore": 10,
            "Cvss2_VectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/a:redis:redis:-",
                    "FormattedString": "cpe:2.3:a:redis:redis:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        }
    },
    "CVE-2022-33105": {
        "CVE-ID": "CVE-2022-33105",
        "NVD": {
            "Descriptions": "Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.",
            "Cvss2_BaseScore": 5,
            "Cvss3_BaseScore": 7.5,
            "Cvss2_VectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/a:redis:redis:7.0",
                    "FormattedString": "cpe:2.3:a:redis:redis:7.0:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        }
    },
    "CVE-2022-3647": {
        "CVE-ID": "CVE-2022-3647",
        "NVD": {
            "Descriptions": "** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitability is told to be difficult. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 6.2.8 and 7.0.6 is able to address this issue. The patch is identified as 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred.",
            "Cvss2_BaseScore": 1.8,
            "Cvss3_BaseScore": 3.1,
            "Cvss2_VectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:P",
            "Cvss3_VectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "CPEs": [
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "6.2.8",
                    "VersionEndIncluding": ""
                },
                {
                    "URI": "cpe:/a:redis:redis",
                    "FormattedString": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "7.0.0",
                    "VersionEndExcluding": "7.0.6",
                    "VersionEndIncluding": ""
                }
            ]
        }
    },
    "CVE-2022-3734": {
        "CVE-ID": "CVE-2022-3734",
        "NVD": {
            "Descriptions": "A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only.",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 6.3,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "CPEs": [
                {
                    "URI": "cpe:/a:redis:redis:-",
                    "FormattedString": "cpe:2.3:a:redis:redis:-:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        }
    },
    "CVE-2023-31655": {
        "CVE-ID": "CVE-2023-31655",
        "NVD": {
            "Descriptions": "redis v7.0.10 was discovered to contain a segmentation violation. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.",
            "Cvss2_BaseScore": 0,
            "Cvss3_BaseScore": 7.5,
            "Cvss2_VectorString": "",
            "Cvss3_VectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "CPEs": [
                {
                    "URI": "cpe:/a:redis:redis:7.0.10",
                    "FormattedString": "cpe:2.3:a:redis:redis:7.0.10:*:*:*:*:*:*:*",
                    "VersionStartExcluding": "",
                    "VersionStartIncluding": "",
                    "VersionEndExcluding": "",
                    "VersionEndIncluding": ""
                }
            ]
        }
    }
}