Filtered by vendor Redislabs
Subscribe
Total
24 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-12453 | 1 Redislabs | 1 Redis | 2018-08-14 | 5.0 MEDIUM | 7.5 HIGH |
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. | |||||
CVE-2015-4335 | 2 Debian, Redislabs | 2 Debian Linux, Redis | 2018-08-13 | 10.0 HIGH | N/A |
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. | |||||
CVE-2016-10517 | 1 Redislabs | 1 Redis | 2018-08-08 | 4.3 MEDIUM | 7.4 HIGH |
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port). | |||||
CVE-2013-7458 | 2 Debian, Redislabs | 2 Debian Linux, Redis | 2018-08-08 | 2.1 LOW | 3.3 LOW |
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file. |