CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-0180
https://notcve.org/view.php?id=CVE-2013-0180
01 Nov 2019 — Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds. Una vulnerabilidad de archivo temporal no seguro en Redis versión 2.6, relacionada con el archivo /tmp/redis.ds. • http://www.openwall.com/lists/oss-security/2013/01/14/7 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-0178
https://notcve.org/view.php?id=CVE-2013-0178
01 Nov 2019 — Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm. Una vulnerabilidad de archivo temporal no seguro en Redis versiones anteriores a 2.6, relacionada con el archivo /tmp/redis-%p.vm. • http://www.openwall.com/lists/oss-security/2013/01/14/5 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 32%CPEs: 23EXPL: 0CVE-2019-10192 – redis: Heap buffer overflow in HyperLogLog triggered by malicious client
https://notcve.org/view.php?id=CVE-2019-10192
11 Jul 2019 — A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer. Se detectó una vulnerabilidad de desbordamiento del búfer de la pila en hyperloglog data structure versiones 3.x anteriores a 3.2.13, versiones 4.x anteriores... • http://www.securityfocus.com/bid/109290 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 34%CPEs: 22EXPL: 0CVE-2019-10193 – redis: Stack buffer overflow in HyperLogLog triggered by malicious client
https://notcve.org/view.php?id=CVE-2019-10193
11 Jul 2019 — A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer. Se detectó una vulnerabilidad de desbordamiento del búfer de la pila en hyperloglog data structure de Redis en las versiones 3.x anteriores a 3.2.13, versiones 4.x anteriores a ... • http://www.securityfocus.com/bid/109290 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 11%CPEs: 8EXPL: 2CVE-2018-11218 – redis: Heap corruption in lua_cmsgpack.c
https://notcve.org/view.php?id=CVE-2018-11218
17 Jun 2018 — Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. Se ha descubierto una corrupción de memoria en la biblioteca cmsgpack en el subsistema Lua en Redis en versiones anteriores a la 3.2.12, versiones 4.x anteriores a la 4.0.10 y versiones 5.x anteriores a la 5.0 RC2 debido a desbordamientos de búfer basados en pila. Redis is an advanced key-value store. It is often referred to ... • http://antirez.com/news/119 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 4%CPEs: 8EXPL: 1CVE-2018-11219 – redis: Integer overflow in lua_struct.c:b_unpack()
https://notcve.org/view.php?id=CVE-2018-11219
17 Jun 2018 — An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking. Se ha descubierto un problema de desbordamiento de enteros en la biblioteca struct en el subsistema Lua en Redis en versiones anteriores a la 3.2.12, versiones 4.x anteriores a la 4.0.10 y versiones 5.x anteriores a la 5.0 RC2 que conduce a un error en la comprobación de límites. Redis is an advanced key-value store. I... • http://antirez.com/news/119 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.4EPSS: 28%CPEs: 3EXPL: 3CVE-2018-12326 – Redis-cli < 5.0 - Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2018-12326
17 Jun 2018 — Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source. Desbordamiento de búfer en redis-cli en Redis, en versiones anteriores a la 4.0.10 y versiones 5.x anteriores a la 5.0 RC3 permite que un atacante logre la ejecución de ... • https://packetstorm.news/files/id/148225 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 32%CPEs: 1EXPL: 3CVE-2018-12453 – Redis 5.0 - Denial of Service
https://notcve.org/view.php?id=CVE-2018-12453
16 Jun 2018 — Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. Confusión de tipos en la función xgroupCommand en t_stream.c en redis-server en Redis en versiones anteriores a la 5.0 permite que atacantes remotos provoquen una denegación de servicio (DoS) mediante un comando XGROUP en el que la clave no es una secuencia. Redis version 5.0 suffers from a denial of service ... • https://packetstorm.news/files/id/148270 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10517
https://notcve.org/view.php?id=CVE-2016-10517
24 Oct 2017 — networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port). networking.c en Redis en versiones anteriores a la 3.2.7 permite Cross Protocol Scripting porque carece de un control para cadenas POST y Host: que no son válidas en el protocolo Redis (pero suele ocurrir cuando un ataque desencadena una petición HTTP al puerto TC... • http://www.securityfocus.com/bid/101572 • CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15047 – Gentoo Linux Security Advisory 202008-17
https://notcve.org/view.php?id=CVE-2017-15047
06 Oct 2017 — The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine." La función clusterLoadConfig en cluster.c en Redis 4.0.2 permite que atacantes remotos provoquen una denegación de servicio (indexación de arrays fuera de límites y cierre inesperado de la aplicación) o, probablemente, causar cualquier otro tipo de impacto mediante un... • https://github.com/antirez/redis/issues/4278 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •