VYPR

Redis

by Redislabs

CVEs (4)

  • CVE-2017-15047 · Critical · Oct 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine."

  • CVE-2016-10517 · High · Oct 24, 2017
    risk 0.48 · cvss 7.4 · epss 0.00

    networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).

  • CVE-2013-7458 · Low · Aug 10, 2016
    risk 0.21 · cvss 3.3 · epss 0.00

    linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.

  • CVE-2015-4335 · Jun 9, 2015
    risk 0.01 · cvss · epss 0.09

    Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.