Vulnerabilities > Redislabs > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-06 | CVE-2023-47004 | Out-of-bounds Write vulnerability in Redislabs Redisgraph Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication. | 8.8 |
| 2021-09-20 | CVE-2020-21468 | Unspecified vulnerability in Redislabs Redis 5.0.7 A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). | 7.5 |
| 2021-07-21 | CVE-2021-32761 | Redis is an in-memory database that persists on disk. | 7.5 |
| 2021-06-02 | CVE-2021-32625 | Integer Overflow or Wraparound vulnerability in multiple products Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. | 8.8 |
| 2021-05-04 | CVE-2021-29478 | Integer Overflow or Wraparound vulnerability in multiple products Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. | 8.8 |
| 2021-05-04 | CVE-2021-29477 | Integer Overflow or Wraparound vulnerability in multiple products Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. | 8.8 |
| 2021-02-26 | CVE-2021-21309 | Unspecified vulnerability in Redislabs Redis Redis is an open-source, in-memory database that persists on disk. | 8.8 |
| 2020-12-23 | CVE-2020-35668 | NULL Pointer Dereference vulnerability in Redislabs Redisgraph RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced. | 7.5 |
| 2020-06-15 | CVE-2020-14147 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. | 7.7 |
| 2020-01-16 | CVE-2020-7105 | NULL Pointer Dereference vulnerability in multiple products async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked. | 7.5 |