1351 matches found
CVE-2026-25589 RedisBloom RESTORE invalid memory access may allow remote code execution
RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...
CVE-2026-25588 RedisTimeSeries RESTORE invalid memory access may allow remote code execution
RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...
CVE-2026-25588 RedisTimeSeries RESTORE invalid memory access may allow remote code execution
RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...
CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution
Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...
CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution
Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...
CVE-2026-25243
Redis server vulnerability CVE-2026-25243: In Redis up to version 8.6.3, the RESTORE command fails to properly validate serialized values, allowing an authenticated attacker with RESTORE access to supply a crafted payload that may trigger invalid memory access and potentially lead to remote code ...
CVE-2026-25243
Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...
RedisTimeSeries 安全漏洞
RedisTimeSeries is an open-source time series data structure for Redis. Versions of RedisTimeSeries prior to 1.12.14 have a security vulnerability. This vulnerability stems from the module not properly verifying the serialized values processed via the Redis RESTORE command. Authorized attackers c...
JLSEC-2026-253 Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server...
Issue summary: Applications performing certificate name checks e.g., TLS clients checking server certificates may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of...
CVE-2026-31646
A flaw was found in the Linux kernel's lan966x network driver. An error in handling the return value from the pagepoolcreate function can lead to the use of an invalid memory pointer. This improper error handling can cause a kernel oops, resulting in a Denial of Service DoS for the affected syste...
JLSEC-2026-181
A mongocbulkoperationt may read invalid memory if large options are passed...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011347)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011347 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: croseckeyb - fix an invalid memory access If croseckeybregistermatrix isn't called due to...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013100)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013100 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: croseckeyb - fix an invalid memory access If croseckeybregistermatrix isn't called due to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007461)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007461 advisory. In the Linux kernel, the following vulnerability has been resolved: staging: vt6655: fix some erroneous memory clean-up loops In some initialization functions of thi...
CVE-2026-23350
A flaw was found in the Linux kernel. When an execution queue fails to initialize in the drm/xe/queue component, the system does not properly finalize it, leaving a damaged entry in a critical lookup list. This can lead to an invalid memory reference, potentially causing system instability or a...
CVE-2025-71231
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in findemptyiaacompressionmode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned. If no empty compression mode can b...
Google SentencePiece Buffer Overflow Vulnerability
Google SentencePiece is an unsupervised text splitter for neural network-based text generation from Google USA. Google SentencePiece suffers from a buffer overflow vulnerability that stems from an invalid memory access when using a vulnerable model file created by an unusual training process. No...
SUSE CVE-2025-69420
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...
CVE-2026-22796
Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...
AZL-75896 CVE-2025-69420 affecting package edk2 for versions less than 20240524git3e722403cd16-14
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...