EUVD-2026-39332

Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

CVE-2026-46752

Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk. When using the Redis Lua Debugger, users can send malformed requests, causing the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support 3.2 or...

CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...

CVE-2026-23631

CVE-2026-23631 affects the Redis server when using Lua scripting. An authenticated attacker can abuse the master–replica synchronization to trigger a use-after-free on replicas with replica-read-only disabled (or that can be disabled), potentially enabling remote code execution. The issue is miti...

MiracleLinux 9 : valkey-8.0.6-2.el9_7 (AXSA:2025-11535:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11535:02 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts...

AlmaLinux 9 : valkey (ALSA-2025:21916)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:21916 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as a...

valkey security update

An update is available for valkey. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Valkey is an advanced key-value store. It is often referred to as a data...

RockyLinux 10 : valkey (RLSA-2025:21936)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:21936 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as ...

RockyLinux 9 : valkey (RLSA-2025:21916)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:21916 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as a...

RHEL 9 : valkey (RHSA-2025:21916)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21916 advisory. Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, se...

Important: Red Hat Security Advisory: redis:7 security update

An update for the redis:7 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

redis: Lua library commands may lead to integer overflow and potential RCE

An integer overflow present in the Redis Lua scripting engine that allows an authenticated client to submit a specially crafted Lua script for example via EVAL/EVALSHA that can trigger memory corruption and potentially lead to remote code execution within the Redis server process...

RHEL 9 : redis:7 (RHSA-2025:20955)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:20955 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, set...

RockyLinux 10 : valkey (RLSA-2025:19675)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:19675 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as ...

RLSA-2025:19237 Important: redis security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

redis: Lua library commands may lead to integer overflow and potential RCE

An integer overflow present in the Redis Lua scripting engine that allows an authenticated client to submit a specially crafted Lua script for example via EVAL/EVALSHA that can trigger memory corruption and potentially lead to remote code execution within the Redis server process...

ALSA-2025:19237 Important: redis security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

redis: Lua library commands may lead to integer overflow and potential RCE

An integer overflow present in the Redis Lua scripting engine that allows an authenticated client to submit a specially crafted Lua script for example via EVAL/EVALSHA that can trigger memory corruption and potentially lead to remote code execution within the Redis server process...

Security Bulletin: Multiple vulnerabilities in IBM Aspera High-Speed Transfer Server, IBM Aspera High-Speed Transfer Endpoint and IBM Aspera Desktop Client.

Summary Multiple vulnerabilities were addressed in IBM Aspera High-Speed Transfer Server v4.4.7, IBM Aspera High-Speed Transfer Endpoint v4.4.7 and IBM Aspera Desktop Client v4.4.7. Vulnerability Details CVEID:CVE-2025-46818 DESCRIPTION: Redis is an open source, in-memory database that persists o...