Search CVE reports
51 – 59 of 59 results
CVE-2018-12326
Medium prioritySome fixes available 3 of 4
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common...
1 affected packages
redis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redis | — | — | — | Fixed | Fixed |
CVE-2018-12453
Low priorityType confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.
1 affected packages
redis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redis | — | — | — | Not affected | Not affected |
CVE-2017-1000248
Unknown prioritySome fixes available 1 of 3
Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis
1 affected packages
ruby-redis-store
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby-redis-store | — | — | — | Not affected | Fixed |
CVE-2016-10517
Medium prioritySome fixes available 3 of 4
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the...
1 affected packages
redis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redis | — | — | — | Not affected | Fixed |
CVE-2017-15047
Low prioritySome fixes available 1 of 3
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to...
1 affected packages
redis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redis | — | — | — | Not affected | Fixed |
CVE-2016-8339
Medium priorityA buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG...
1 affected packages
redis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redis | — | — | — | Not affected | Not affected |
CVE-2013-7458
Medium prioritySome fixes available 2 of 7
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
1 affected packages
redis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redis | — | — | — | Not affected | Fixed |
CVE-2015-8080
Medium prioritySome fixes available 1 of 7
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory...
1 affected packages
redis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redis | — | — | — | Not affected | Not affected |
CVE-2015-4335
Medium prioritySome fixes available 1 of 8
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
1 affected packages
redis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redis | — | — | — | Not affected | Not affected |