368 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-23631
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica...
ALPINE-CVE-2026-23631
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...
CVE-2026-23631
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...
DEBIAN-CVE-2026-23631
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...
CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...
EUVD-2026-27398
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...
CVE-2026-23631
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...
CVE-2026-23631
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...
PT-2026-37086
Name of the Vulnerable Software and Affected Versions redis-server versions prior to 8.6.3 Description An authenticated attacker can exploit the master-replica synchronization mechanism in the built-in Lua engine to trigger a use-after-free condition. This occurs on replicas where the...
UBUNTU-CVE-2026-24028
An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential...
CVE-2026-27854
Summary of CVE-2026-27854 : An attacker could trigger a use-after-free when parsing EDNS options via the DNSQuestion:getEDNSOptions method within custom Lua code used by dnsdist. This may occur when a crafted DNS query references a modified DNS packet version, potentially causing a crash and deni...
CVE-2026-24028 Out-of-bounds read when parsing DNS packets via Lua
An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential...
CVE-2026-24028
CVE-2026-24028 describes an out-of-bounds read when parsing DNS packets via Lua: if custom Lua code uses newDNSPacketOverlay to parse DNS packets, a crafted DNS response can trigger a crash (DoS) or unauthorized memory access (potential information disclosure). The available documents do not spec...
RHEL 10 : valkey (RHSA-2026:5445)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5445 advisory. Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, se...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis6 (UTSA-2026-006135)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006135 advisory. Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis6 (UTSA-2026-006170)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006170 advisory. Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to caus...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis6 (UTSA-2026-006168)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006168 advisory. Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read...
Exploit for Use After Free in Redis
🚨 CVE-2025-49844 — “RediShell” Critical Remote Code Execu...
[SECURITY] Fedora 44 Update: valkey-9.0.3-1.fc44
Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...
Amazon Linux 2023 : valkey, valkey-devel (ALAS2023-2026-1471)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1471 advisory. Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response...