VYPR

Redis

by Redis

CVEs (72)

  • CVE-2021-32761 (Jul 21, 2021)
    risk 0.00 cvss epss 0.31

    Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` commands are vulnerable to…

  • CVE-2021-32625 (Jun 2, 2021)
    risk 0.00 cvss epss 0.04

    Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote…

  • CVE-2021-29478 (May 4, 2021)
    risk 0.00 cvss epss 0.04

    Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and…

  • CVE-2021-29477 (May 4, 2021)
    risk 0.00 cvss epss 0.04

    Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote…

  • CVE-2021-3470 (Mar 31, 2021)
    risk 0.00 cvss epss 0.01

    A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority…

  • CVE-2021-21309 (Feb 26, 2021)
    risk 0.00 cvss epss 0.05

    Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a…

  • CVE-2020-14147 (Jun 15, 2020)
    risk 0.00 cvss epss 0.03

    An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox…

  • CVE-2020-7105 (Jan 16, 2020)
    risk 0.00 cvss epss 0.03

    async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.

  • CVE-2013-0180 (Nov 1, 2019)
    risk 0.00 cvss epss 0.00

    Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds.

  • CVE-2013-0178 (Nov 1, 2019)
    risk 0.00 cvss epss 0.00

    Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.

  • CVE-2016-2121 (Oct 31, 2018)
    risk 0.00 cvss epss 0.00

    A permissions flaw was found in Redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information.

  • CVE-2015-4335 (Jun 9, 2015)
    risk 0.00 cvss epss 0.10

    Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
