CVSS: 7.5EPSS: 32%CPEs: 1EXPL: 3CVE-2018-12453 – Redis 5.0 - Denial of Service
https://notcve.org/view.php?id=CVE-2018-12453
16 Jun 2018 — Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. Confusión de tipos en la función xgroupCommand en t_stream.c en redis-server en Redis en versiones anteriores a la 5.0 permite que atacantes remotos provoquen una denegación de servicio (DoS) mediante un comando XGROUP en el que la clave no es una secuencia. Redis version 5.0 suffers from a denial of service ... • https://packetstorm.news/files/id/148270 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10517
https://notcve.org/view.php?id=CVE-2016-10517
24 Oct 2017 — networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port). networking.c en Redis en versiones anteriores a la 3.2.7 permite Cross Protocol Scripting porque carece de un control para cadenas POST y Host: que no son válidas en el protocolo Redis (pero suele ocurrir cuando un ataque desencadena una petición HTTP al puerto TC... • http://www.securityfocus.com/bid/101572 • CWE-254: 7PK - Security Features •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2013-7458 – Debian Security Advisory 3634-1
https://notcve.org/view.php?id=CVE-2013-7458
01 Aug 2016 — linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file. linenoise, tal y como se utiliza en Redis en versiones anteriores a 3.2.3, utiliza permisos accesibles a todos para .rediscli_history, lo que permite a usuarios locales obtener información sensible leyendo el archivo. It was discovered that redis, a persistent key-value database, did not with world-readable permissions. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00029.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 8%CPEs: 5EXPL: 1CVE-2015-4335 – redis: Lua sandbox escape and arbitrary code execution
https://notcve.org/view.php?id=CVE-2015-4335
09 Jun 2015 — Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. Redis anterior a versión 2.8.21 y versiones 3.x y anteriores a 3.0.2, permite a los atacantes remotos ejecutar el código byte Lua arbitrario por medio del comando eval. A flaw was discovered in redis that could allow an authenticated user, who was able to use the EVAL command to run Lua code, to break out of the Lua sandbox and execute arbitrary code on the system. Redis is an advanced ke... • http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape • CWE-17: DEPRECATED: Code •