Vulnerabilities > Redislabs

DATE CVE VULNERABILITY TITLE RISK
2017-10-24 CVE-2016-10517 7PK - Security Features vulnerability in Redislabs Redis
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).
network
low complexity
redislabs CWE-254
7.4
2017-10-06 CVE-2017-15047 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Redislabs Redis 4.0.2
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine."
network
low complexity
redislabs CWE-119
critical
9.8
2016-10-28 CVE-2016-8339 Out-of-bounds Write vulnerability in Redislabs Redis
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent.
network
low complexity
redislabs CWE-787
critical
9.8
2016-08-10 CVE-2013-7458 Information Exposure vulnerability in multiple products
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
local
low complexity
redislabs debian CWE-200
3.3
2016-04-13 CVE-2015-8080 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.
network
low complexity
redislabs debian opensuse redhat CWE-190
7.5