CVE-2026-25589

RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...

CVE-2025-59606

Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization...

EUVD-2025-210021

Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization...

CVE-2025-59606

Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization...

CVE-2025-59606

Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization...

CVE-2025-59606

The CVE-2025-59606 entry describes a memory corruption flaw triggered by writing to invalid memory locations caused by heap exhaustion during secure data initialization. The CVSS 3.1 vector indicates a local, low-privilege, no-user-interaction exposure with high impact to confidentiality, integri...

PT-2026-45631

Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization...

CVE-2026-45974

A flaw was found in the Linux kernel's btrfs filesystem. The btrfsquotaenable function contains a logic error where it attempts to access an invalid memory location if a specific key is not found during a search operation. This incorrect handling of search results can lead to invalid leaf access,...

CVE-2026-46016

A flaw was found in the Linux kernel's remoteproc xlnx component. This vulnerability occurs when the system attempts to process an Inter-Processor Interrupt IPI message without properly verifying its contents. An attacker could exploit this by causing the system to access an invalid memory...

CVE-2026-45838

A flaw was found in the Linux kernel. Specifically, within the Berkeley Packet Filter BPF component, an error in the cgroupstoragegetnextkey function's end-of-list detection mechanism can cause the system to read from an invalid memory location. This incorrect handling may lead to internal map...

CVE-2026-48688

FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MPREACHNLRI IPv6 attribute decoder. The function decodempreachipv6 in src/bgpprotocol.cpp contains a TODO comment at line 156 explicitly acknowledging 'we should add sanity checks to avoid reads after...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: hwmon: In the readstring function, there is a check for the sensor index. This check prevents potential invalid memory accesses when the requested sensor is not found. The findecsensorindex function may return a negative value...

Astra Linux - уязвимость в linux, linux-5.10

In the handling of offloads in ipgre.c, there is a possibility of a page fault due to an invalid memory access. This could lead to the disclosure of local information without the need for additional execution privileges. User interaction is not required for exploitation. Product: Android Versions...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed an invalid prog-stats access when updateeffectiveprogs fails. The issue occurs due to a fault-injected operation in updateeffectiveprogs. The problem can be described as follows: c cgroupbpfdetach updateeffectiveprogs...

Astra Linux - уязвимость в exiv2

An invalid memory address dereferencing was discovered in the Exiv2::DataValue::read method in value.cpp in Exiv2 0.26. This vulnerability causes a segmentation fault and an application crash, resulting in a denial of service...

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: i40e: Fixed potential invalid access when the MAC list is empty. The listfirstentry function never returns NULL—if the list is empty, it still returns a pointer to an invalid object, leading to potential invalid memory access whe...

EUVD-2025-209901

Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the resethandler parameter during firmware flashing. An attacker can provide a crafted resethandler address pointing to invalid memory or...

SUSE-SU-2026:21814-1 Security update for valkey

This update for valkey fixes the following issues - CVE-2025-67733: data tampering and denial of service via improper null character handling in Lua scripts bsc1258746. - CVE-2026-21863: denial of service via invalid clusterbus packet bsc1258788. - CVE-2026-23479: use-after-free in unblock client...

Fedora 44 : valkey (2026-3e31dafe5c)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3e31dafe5c advisory. Version 9.0.4 Security fixes - CVE-2026-23479 Use-After-Free in unblock client flow - CVE-2026-25243 Invalid Memory Access in RESTORE command -...

CLSA-2026-1778845249 redis: Fix of 2 CVEs

CVE-2026-23631: fix use-after-free in readSyncBulkPayload when fullsync happens while a Lua script is timed out on the replica - CVE-2026-25243: fix invalid memory access in RESTORE on crafted zipmap, listpack and stream PEL payloads...