Filtered by vendor Redislabs
Subscribe
Total
25 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-15047 | 1 Redislabs | 1 Redis | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine." | |||||
CVE-2015-4335 | 2 Debian, Redislabs | 2 Debian Linux, Redis | 2024-02-04 | 10.0 HIGH | N/A |
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. | |||||
CVE-2015-8080 | 4 Debian, Opensuse, Redhat and 1 more | 5 Debian Linux, Leap, Opensuse and 2 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. | |||||
CVE-2016-8339 | 1 Redislabs | 1 Redis | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution. | |||||
CVE-2013-7458 | 2 Debian, Redislabs | 2 Debian Linux, Redis | 2024-02-04 | 2.1 LOW | 3.3 LOW |
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file. |