Every CVE whose affected-product data names Redislabs Redis, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2015-4335 — CVSS 10.0 (critical): Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
CVE-2016-8339 — CVSS 9.8 (critical): A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write…
CVE-2018-11218 — CVSS 9.8 (critical): Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0…
CVE-2018-11219 — CVSS 9.8 (critical): An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x…
CVE-2017-15047 — CVSS 9.8 (critical): The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and…
CVE-2018-12326 — CVSS 8.4 (high): Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to…
CVE-2020-14147 — CVSS 7.7 (high): An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run…
CVE-2021-32625 — CVSS 7.5 (high): Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow…
CVE-2021-29478 — CVSS 7.5 (high): Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow…
CVE-2021-32761 — CVSS 7.5 (high): Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow…
CVE-2015-8080 — CVSS 7.5 (high): Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent…
CVE-2018-12453 — CVSS 7.5 (high): Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause…
CVE-2020-21468 — CVSS 7.5 (high): A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce…
CVE-2021-29477 — CVSS 7.5 (high): Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow…
CVE-2016-10517 — CVSS 7.4 (high): networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not…
CVE-2019-10192 — CVSS 7.2 (high): A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and…
CVE-2019-10193 — CVSS 7.2 (high): A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and…
CVE-2021-21309 — CVSS 5.4 (medium): Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis…
CVE-2021-3470 — CVSS 5.3 (medium): A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than…
CVE-2013-7458 — CVSS 3.3 (low): linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain…