oval:org.secpod.oval:def:2001569
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging "limited access to the machine."

oval:org.secpod.oval:def:2001634
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol.

oval:org.secpod.oval:def:602131
redis-server is installed

oval:org.secpod.oval:def:53355
Multiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service.

oval:org.secpod.oval:def:603434
Multiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service.

oval:org.secpod.oval:def:602574
It was discovered that redis, a persistent key-value database, did not properly protect redis-cli history files: they were created by default with world-readable permissions. Users and systems administrators may want to proactively change permissions on existing ~/rediscli_history files, instead of ...

oval:org.secpod.oval:def:602133
It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code.

oval:org.secpod.oval:def:69889
Multiple vulnerabilities were discovered in the HyperLogLog implementation of Redis, a persistent key-value database, which could result in denial of service or potentially the execution of arbitrary code.