1351 matches found
CVE-2026-57437
A flaw was found in Nokogiri, an XML and HTML library for Ruby. This vulnerability occurs when an application directly constructs an XPathContext and allows its associated document to be garbage collected while the context is still in use. An attacker could potentially exploit this by causing the...
redis: RESTORE invalid memory access may allow remote code execution
A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...
EUVD-2026-38301
The Advanced Linux Sound Architecture ALSA library before 1.2.16.1 contains a double-free vulnerability in parsedef in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parsedef...
redis: RESTORE invalid memory access may allow remote code execution
A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...
Astra Linux – Vulnerability in exiv2
An invalid memory address dereferencing was discovered in the Exiv2::DataValue::read method in value.cpp in Exiv2 0.26. This vulnerability causes a segmentation fault and an application crash, resulting in a denial of service...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed an invalid prog-stats access when updateeffectiveprogs fails. The issue occurs due to a fault-injected code sequence in updateeffectiveprogs. The problem can be described as follows: c cgroupbpfdetach...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the handling of offloads in ipgre.c, there is a possibility of a page fault due to an invalid memory access. This could lead to the disclosure of local information without the need for additional execution privileges. User interaction is not required for exploitation. Product: Android Versions...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: hwmon: In the readstring function, the sensor index is checked. This prevents potential invalid memory accesses when the requested sensor is not found. findecsensorindex may return a negative value e.g., -ENOENT, but its result w...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid dereference of sblvbptr I encounter issues when placing an lkbsb on the stack and having the sblvbptr field point to a dangling pointer, without using DLMLKFVALBLK. This will cause a crash with the following...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: i40e: Fixed potential invalid access when the MAC list is empty. listfirstentry never returns NULL—if the list is empty, it still returns a pointer to an invalid object, leading to potential invalid memory access when dereferenci...
Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-40263)
In the Linux kernel, the following vulnerability has been resolved: Input: croseckeyb - fix an invalid memory access If croseckeybregistermatrix isn't called due to buttonsswitchesonly in croseckeybprobe, ckdev-idev remains NULL. An invalid memory access is observed in croseckeybprocess when...
redis: RESTORE invalid memory access may allow remote code execution
A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...
RLSA-2026:23229 Important: redis security update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
Important: Red Hat Security Advisory: valkey security update
An update for valkey is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
CVE-2026-25589
RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...
CVE-2025-59606
Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization...
EUVD-2025-210021
Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization...
CVE-2025-59606
Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization...
CVE-2025-59606
Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization...
CVE-2025-59606
The CVE-2025-59606 entry describes a memory corruption flaw triggered by writing to invalid memory locations caused by heap exhaustion during secure data initialization. The CVSS 3.1 vector indicates a local, low-privilege, no-user-interaction exposure with high impact to confidentiality, integri...