Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redislabs Subscribe
Filtered by product Redis
Total 22 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-10517 1 Redislabs 1 Redis 2018-08-08 4.3 MEDIUM 7.4 HIGH
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).
CVE-2013-7458 2 Debian, Redislabs 2 Debian Linux, Redis 2018-08-08 2.1 LOW 3.3 LOW
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.