FreeBSD VuXML

Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

in the FreeBSD Ports Collection repository, path ports/security/vuxml/vuln.xml
as a local copy
as a local copy, compressed with bzip2
as a local copy, compressed with xz
as a local copy, compressed with zstandard

Please report security issues to the FreeBSD Security Team at <ports-secteam@FreeBSD.org>. Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.

redis

redis at FreshPorts.org

Entered	Topic
2025-10-04	redis,valkey -- Lua library commands may lead to integer overflow and potential RCE
	redis,valkey -- Lua Use-After-Free may lead to remote code execution
	redis,valkey -- Out of bound read due to a bug in LUA
	redis,valkey -- Running Lua function as a different user
2025-07-07	redis,valkey -- DoS Vulnerability due to bad connection error handling
	redis,valkey -- Out of bounds write in hyperloglog commands leads to RCE
	redis,valkey -- {redis,valkey}-check-aof may lead to stack overflow and potential RCE
2025-04-24	redis,valkey -- DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client
2025-01-10	redis,valkey -- Denial-of-service valnerability due to malformed ACL selectors
2025-01-10	redis,valkey -- Remote code execution valnerability
2024-10-02	redis,valkey -- Multiple vulnerabilities
2023-10-18	redis -- Possible bypassing Unix socket permissions
2023-09-07	redis -- Possible bypassing ACL configuration
2023-07-10	redis -- heap overflow in COMMAND GETKEYS and ACL evaluation
2023-07-10	redis -- Heap overflow in the cjson and cmsgpack libraries
2023-05-08	redis -- HINCRBYFLOAT can be used to crash a redis-server process
2023-03-21	redis -- specially crafted MSETNX command can lead to denial-of-service
2023-03-01	redis -- multiple vulnerabilities
2023-01-16	redis -- multiple vulnerabilities
2022-09-21	redis -- Potential remote code execution vulnerability
2022-07-18	redis -- Potential remote code execution vulnerability
2022-04-27	redis -- Multiple vulnerabilities
2021-10-05	redis -- multiple vulnerabilities
2021-07-27	redis -- Integer overflow issues with BITFIELD command on 32-bit systems
2021-06-01	redis -- integer overflow
2021-05-03	redis -- multiple vulnerabilities
2021-02-23	redis -- Integer overflow on 32-bit systems
2016-10-11	redis -- sensitive information leak through command history file
2015-06-08	redis -- EVAL Lua Sandbox Escape
2012-01-16	Multiple implementations -- DoS via hash algorithm collision