Filtered by vendor Redislabs
Subscriptions
Total
26 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-10517 | 1 Redislabs | 1 Redis | 2024-11-21 | N/A |
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port). | ||||
CVE-2015-8080 | 4 Debian, Opensuse, Redhat and 1 more | 6 Debian Linux, Leap, Opensuse and 3 more | 2024-11-21 | 7.5 High |
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. | ||||
CVE-2015-4335 | 3 Debian, Redhat, Redislabs | 3 Debian Linux, Openstack, Redis | 2024-11-21 | N/A |
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. | ||||
CVE-2013-7458 | 2 Debian, Redislabs | 2 Debian Linux, Redis | 2024-11-21 | N/A |
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file. | ||||
CVE-2013-0180 | 1 Redislabs | 1 Redis | 2024-11-21 | 5.5 Medium |
Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds. | ||||
CVE-2013-0178 | 1 Redislabs | 1 Redis | 2024-11-21 | 5.5 Medium |
Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm. |