63 matches found
Astra Linux - уязвимость в hiredis
Hiredis is a minimalistic C client library for the Redis database. In affected versions, Hiredis can be vulnerable to integer overflow if maliciously crafted or corrupted RESP mult-bulk protocol data is provided. When parsing mult-bulk array-like replies, Hiredis fails to check whether count...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Sanity check block descriptor length in respmodeselect In respmodeselect sanity check the block descriptor len to avoid UAF. BUG: KASAN: use-after-free in respmodeselect+0xa4c/0xb40 drivers/scsi/scsidebug.c:2509...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007603)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007603 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Fix out-of-bound read in respreadcap16 The following warning was observed runnin...
CVE-2025-67733
Valkey is affected by a RESP protocol injection via Lua error_reply. Before versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user could inject information into the response stream through scripting commands, potentially corrupting or returning tampered data to other users on the same connect...
CVE-2025-67733 Valkey Affected by RESP Protocol Injection via Lua error_reply
Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...
SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2026:0358-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0358-1 advisory. - CVE-2026-22795: Missing ASN1TYPE validation in PKCS12 parsing bsc1256839. - CVE-2025-69420: Missing ASN1TYPE validation in TSRESPverifyrespon...
SUSE-SU-2026:0359-1 Security update for openssl-1_1
This update for openssl-11 fixes the following issues: - CVE-2026-22795: Missing ASN1TYPE validation in PKCS12 parsing bsc1256839. - CVE-2025-69420: Missing ASN1TYPE validation in TSRESPverifyresponse function bsc1256837. - CVE-2025-69421: NULL Pointer Dereference in PKCS12itemdecryptd2iex functi...
Security update for openssl-1_1
This update for openssl-11 fixes the following issues: CVE-2026-22795: Missing ASN1TYPE validation in PKCS12 parsing bsc1256839. CVE-2025-69420: Missing ASN1TYPE validation in TSRESPverifyresponse function bsc1256837. CVE-2025-69421: NULL Pointer Dereference in PKCS12itemdecryptd2iex function...
CVE-2025-69420
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: Improper validation of PBMAC1 parameters in PKCS12 MAC verification CVE-2025-11187 Stack buffer overflow in CMS AuthEnvelopedData parsing CVE-2025-15467 NULL dereference in SSLCIPHERfind function on unknown cipher ID CVE-2025-15468 "openssl dgst" one-shot codepath...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989979)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989979 advisory. In the Linux kernel, the following vulnerability has been resolved: media: wl128x: Fix atomicity violation in fmcsendcmd Atomicity violation occurs when the fmcsendc...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990273)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990273 advisory. In the Linux kernel, the following vulnerability has been resolved: media: wl128x: Fix atomicity violation in fmcsendcmd Atomicity violation occurs when the fmcsendc...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989262)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989262 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Sanity check block descriptor length in respmodeselect In respmodeselect sanity...
EUVD-2017-4507
Malware in sbrugna...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987340)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987340 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Sanity check block descriptor length in respmodeselect In respmodeselect sanity...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986528)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986528 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Sanity check block descriptor length in respmodeselect In respmodeselect sanity...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987024)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987024 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Fix out-of-bound read in respreporttgtpgs The following issue was observed runni...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986576)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986576 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Sanity check block descriptor length in respmodeselect In respmodeselect sanity...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987387)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987387 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix array index out of bound exception Fix array index out of bound exception in...
CVE-2024-10499
The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its RESP API endpoint before using it in a SQL statement, allowing admins to perform SQL injection attacks...