8 matches found

CVE
added 2020/06/15 6:15 p.m. | 225 views

CVE-2020-14147

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large ...

CVSS 7.7 | AI score 8 | EPSS 0.01207

CVE
added 2018/06/17 2:29 p.m. | 217 views

CVE-2018-12326

Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka h...

CVSS 8.4 | AI score 8.6 | EPSS 0.35781

CVE
added 2018/06/17 5:29 p.m. | 206 views

CVE-2018-11219

An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.

CVSS 9.8 | AI score 7.9 | EPSS 0.02402

CVE
added 2018/06/17 5:29 p.m. | 193 views

CVE-2018-11218

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.

CVSS 9.8 | AI score 8.1 | EPSS 0.16212

CVE
added 2019/11/01 7:15 p.m. | 168 views

CVE-2013-0178

Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.

CVSS 5.5 | AI score 5.4 | EPSS 0.0014

CVE
added 2021/03/31 2:15 p.m. | 139 views

CVE-2021-3470

A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use je...

CVSS 5.3 | AI score 5.5 | EPSS 0.00466

CVE
added 2017/10/24 6:29 p.m. | 80 views

CVE-2016-10517

networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).

CVSS 7.4 | AI score 7.2 | EPSS 0.0024

CVE
added 2018/06/16 5:29 p.m. | 78 views

CVE-2018-12453

Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.

CVSS 7.5 | AI score 7.4 | EPSS 0.28558