← Back

Redislabs

redislabs

26 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Redis
redis
22 CVEs
Redisgraph
redisgraph
3 CVEs
Hiredis
hiredis
1 CVE

CVEs (26)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2016-10517
1Redislabs
1Redis
May 13, 2026
Oct 24, 2017
N/A· v4
7.4 HIGH· v3
4.3 MEDIUM· v2
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP requ...Show more
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).Show less
CVE-2017-15047
1Redislabs
1Redis
May 13, 2026
Oct 6, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited...Show more
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine."Show less
CVE-2016-8339
1Redislabs
1Redis
May 6, 2026
Oct 28, 2016
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during...Show more
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.Show less
CVE-2013-7458
2Debian
Redislabs
2Debian Linux
Redis
May 6, 2026
Aug 10, 2016
N/A· v4
3.3 LOW· v3
2.1 LOW· v2
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
CVE-2015-8080
4Debian
OpensuseRedhat+1 more
5Debian Linux
LeapOpenstack+2 more
May 6, 2026
Apr 13, 2016
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of servi...Show more
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.Show less
CVE-2015-4335
2Debian
Redislabs
2Debian Linux
Redis
May 6, 2026
Jun 9, 2015
N/A· v4
N/A· v3
10.0 HIGH· v2
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.