Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redislabs vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2021-3470
A heap overflow issue was found in Redis in versions prior to 5.0.10, prior to 6.0.9 and prior to 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast...
Redislabs Redis
Redislabs Redis 6.2.0
NA
CVE-2015-4335
Redis prior to 2.8.21 and 3.x prior to 3.0.2 allows remote malicious users to execute arbitrary Lua bytecode via the eval command.
Redislabs Redis 3.0.0
Redislabs Redis 3.0.1
Redislabs Redis
Debian Debian Linux 8.0
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2021-21309
Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a config...
Redislabs Redis
7.5
CVSSv3
CVE-2020-35668
RedisGraph 2.x up to and including 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced.
Redislabs Redisgraph
8.8
CVSSv3
CVE-2023-47004
Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an malicious user to execute arbitrary code via the code logic after valid authentication.
Redislabs Redisgraph
5.5
CVSSv3
CVE-2013-0178
Insecure temporary file vulnerability in Redis prior to 2.6 related to /tmp/redis-%p.vm.
Redislabs Redis
7.4
CVSSv3
CVE-2016-10517
networking.c in Redis prior to 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).
Redislabs Redis
7.5
CVSSv3
CVE-2018-12453
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis prior to 5.0 allows remote malicious users to cause denial-of-service via an XGROUP command in which the key is not a stream.
Redislabs Redis
1 EDB exploit
9.8
CVSSv3
CVE-2017-15047
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows malicious users to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine."
Redislabs Redis 4.0.2
9.8
CVSSv3
CVE-2023-47003
An issue in RedisGraph v.2.12.10 allows an malicious user to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted.
Redislabs Redisgraph 2.12.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »