Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redislabs Subscribe
Total 24 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-12453 1 Redislabs 1 Redis 2018-08-14 5.0 MEDIUM 7.5 HIGH
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.
CVE-2015-4335 2 Debian, Redislabs 2 Debian Linux, Redis 2018-08-13 10.0 HIGH N/A
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
CVE-2016-10517 1 Redislabs 1 Redis 2018-08-08 4.3 MEDIUM 7.4 HIGH
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).
CVE-2013-7458 2 Debian, Redislabs 2 Debian Linux, Redis 2018-08-08 2.1 LOW 3.3 LOW
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.