Redislabs Redis
6 CVEs affecting Redislabs Redis. Latest disclosed: 2017-10-24. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-15047 | Critical | 9.8 | 2017-10-06 | The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or p… |
CVE-2016-8339 | Critical | 9.8 | 2016-10-28 | A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in… |
CVE-2015-8080 | High | 7.5 | 2016-04-13 | Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission… |
CVE-2016-10517 | High | 7.4 | 2017-10-24 | networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis prot… |
CVE-2013-7458 | Low | 3.3 | 2016-08-10 | linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by re… |
CVE-2015-4335 | | 2015-06-09 | Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. |