Vulnerabilities > Redislabs
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-24 | CVE-2016-10517 | 7PK - Security Features vulnerability in Redislabs Redis networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port). | 7.4 |
2017-10-06 | CVE-2017-15047 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Redislabs Redis 4.0.2 The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine." | 9.8 |
2016-10-28 | CVE-2016-8339 | Out-of-bounds Write vulnerability in Redislabs Redis A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. | 9.8 |
2016-08-10 | CVE-2013-7458 | Information Exposure vulnerability in multiple products linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file. | 3.3 |
2016-04-13 | CVE-2015-8080 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. | 7.5 |