Lucene search
K

201 matches found

RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-59875

A flaw was found in node-tar, a library for manipulating tar archives in Node.js. A remote attacker could craft a malicious archive containing null characters NUL bytes in its metadata. When this archive is processed, the unstripped null characters can cause the application to terminate...

5.3CVSS5.9AI score0.00291EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.4 views

Oracle Linux 9 : openssh (ELSA-2026-19219)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19219 advisory. - CVE-2026-3497: Fix information disclosure or denial of service due to uninitialized variables in gssapi-keyex Resolves: RHEL-155825 - CVE-2025-61984...

8.2CVSS6.7AI score0.0218EPSS
Exploits2References6
Rockylinux
Rockylinux
added 2026/05/21 4:30 p.m.15 views

openssh security update

An update is available for openssh. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSH is an SSH protocol implementation supported by a number of Linux,...

3.6CVSS6.5AI score0.00218EPSS
Exploits2
OSV
OSV
added 2026/05/21 4:30 p.m.13 views

RLSA-2025:23479 Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand...

5.3CVSS6.8AI score0.00218EPSS
Exploits2References3
Rockylinux
Rockylinux
added 2026/05/21 4:27 p.m.21 views

openssh security update

An update is available for openssh. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSH is an SSH protocol implementation supported by a number of Linux, UNI...

3.6CVSS6.5AI score0.00218EPSS
Exploits2
OSV
OSV
added 2026/05/21 4:27 p.m.13 views

RLSA-2025:23480 Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand...

5.3CVSS6.8AI score0.00218EPSS
Exploits2References3
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which causes a crash on Windows when NUL characters are entered...

7.5CVSS5.8AI score0.00588EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/03/23 5:49 p.m.4 views

Valkey: Valkey: Data tampering and denial of service via improper null character handling in Lua scripts

A flaw was found in Valkey, a distributed key-value database. A malicious user can exploit this vulnerability by using scripting commands to inject arbitrary information into the response stream. This is caused by improper handling of null characters in the error handling code for Lua scripts...

8.5CVSS6AI score0.00586EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/19 12:44 p.m.4 views

Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict in the JSON parsing process. An attacker can manipulate message fields by appending null Unicode characters to keys, causing key collisions and overriding intended values by submitting specially crafted JSON...

8.2CVSS5.8AI score
Exploits0References3
Ubuntu
Ubuntu
added 2026/03/12 6:16 p.m.10 views

USN-8090-1: OpenSSH vulnerabilities

Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPIKeyExchange setting is enabled, a remote attacker could use this issue to cause OpenSSH to crash, resulting in a denial of service, or possibly...

8.2CVSS6.1AI score0.0218EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2026/03/02 8:5 a.m.3 views

Valkey: Valkey: Data tampering and denial of service via improper null character handling in Lua scripts

A flaw was found in Valkey, a distributed key-value database. A malicious user can exploit this vulnerability by using scripting commands to inject arbitrary information into the response stream. This is caused by improper handling of null characters in the error handling code for Lua scripts...

8.5CVSS5.9AI score0.00586EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/03/02 12:25 a.m.8 views

SUSE CVE-2025-67733

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...

6.8CVSS6AI score0.00586EPSS
Exploits0References8
OSV
OSV
added 2026/03/02 12:0 a.m.7 views

ALSA-2026:3507 Important: valkey security update

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

8.5CVSS5.8AI score0.00586EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/24 6:57 a.m.10 views

CVE-2025-67733

A flaw was found in Valkey, a distributed key-value database. A malicious user can exploit this vulnerability by using scripting commands to inject arbitrary information into the response stream. This is caused by improper handling of null characters in the error handling code for Lua scripts...

8.5CVSS5.5AI score0.00586EPSS
Exploits0References4
OSV
OSV
added 2026/02/23 8:28 p.m.4 views

DEBIAN-CVE-2025-67733

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...

7.1CVSS5.5AI score0.00586EPSS
Exploits0References1
OSV
OSV
added 2026/02/23 8:28 p.m.9 views

AZL-78317 CVE-2025-67733 affecting package valkey for versions less than 8.0.7-1

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...

8.5CVSS5.9AI score0.00586EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/02/23 8:28 p.m.6 views

CVE-2025-67733

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...

8.5CVSS5.9AI score0.00586EPSS
Exploits0References3
OSV
OSV
added 2026/02/23 8:28 p.m.9 views

UBUNTU-CVE-2025-67733

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...

8.5CVSS6AI score0.00586EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/23 7:39 p.m.27 views

CVE-2025-67733 Valkey Affected by RESP Protocol Injection via Lua error_reply

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...

8.5CVSS0.00586EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/02/23 7:39 p.m.2 views

CVE-2025-67733

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...

8.5CVSS5.7AI score0.00586EPSS
Exploits0
Rows per page
Query Builder