VYPR

rpm package

suse/redis&distro=SUSE Package Hub 12

pkg:rpm/suse/redis&distro=SUSE%20Package%20Hub%2012

Vulnerabilities (4)

  • CVE-2020-14147Jun 15, 2020
    affected < 4.0.14-bp151.3.6.1fixed 4.0.14-bp151.3.6.1

    An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restri

  • CVE-2016-10517HigOct 24, 2017
    affected < 4.0.2-9.1fixed 4.0.2-9.1

    networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).

  • CVE-2017-15047CriOct 6, 2017
    affected < 4.0.6-12.1fixed 4.0.6-12.1

    The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine."

  • CVE-2013-7458LowAug 10, 2016
    affected < 3.0.7-6.1fixed 3.0.7-6.1

    linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.