CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10517
https://notcve.org/view.php?id=CVE-2016-10517
24 Oct 2017 — networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port). networking.c en Redis en versiones anteriores a la 3.2.7 permite Cross Protocol Scripting porque carece de un control para cadenas POST y Host: que no son válidas en el protocolo Redis (pero suele ocurrir cuando un ataque desencadena una petición HTTP al puerto TC... • http://www.securityfocus.com/bid/101572 • CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15047 – Gentoo Linux Security Advisory 202008-17
https://notcve.org/view.php?id=CVE-2017-15047
06 Oct 2017 — The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine." La función clusterLoadConfig en cluster.c en Redis 4.0.2 permite que atacantes remotos provoquen una denegación de servicio (indexación de arrays fuera de límites y cierre inesperado de la aplicación) o, probablemente, causar cualquier otro tipo de impacto mediante un... • https://github.com/antirez/redis/issues/4278 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 4EXPL: 1CVE-2016-8339 – Gentoo Linux Security Advisory 201702-16
https://notcve.org/view.php?id=CVE-2016-8339
28 Oct 2016 — A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution. Un desbordamiento de búfer en Redis 3.2.x antes de 3.2.4 provoca ejecución de código arbitrario cuando un comando manipulado es ... • http://www.securityfocus.com/bid/93283 • CWE-787: Out-of-bounds Write •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2013-7458 – Debian Security Advisory 3634-1
https://notcve.org/view.php?id=CVE-2013-7458
01 Aug 2016 — linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file. linenoise, tal y como se utiliza en Redis en versiones anteriores a 3.2.3, utiliza permisos accesibles a todos para .rediscli_history, lo que permite a usuarios locales obtener información sensible leyendo el archivo. It was discovered that redis, a persistent key-value database, did not with world-readable permissions. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00029.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 2%CPEs: 9EXPL: 1CVE-2015-8080 – redis: Integer wraparound in lua_struct.c causing stack-based buffer overflow
https://notcve.org/view.php?id=CVE-2015-8080
04 Dec 2015 — Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. Desbordamiento de entero en la función getnum en lua_struct.c en Redis 2.8.x en versiones anteriores a 2.8.24 y 3.0.x en versiones a... • http://lists.opensuse.org/opensuse-updates/2016-05/msg00126.html • CWE-190: Integer Overflow or Wraparound •