CVE-2026-47206

Dragonfly is an in-memory store. Before version 1.39.9, it is vulnerable to RESP protocol injection via Lua redis.error_reply() in EvalSerializer, allowing an authenticated user to inject arbitrary RESP messages into the connection’s response stream and potentially desynchronize responses for con...

Astra Linux – Vulnerability in hiredis

Hiredis is a minimalistic C client library for the Redis database. In affected versions, Hiredis can be vulnerable to integer overflow if maliciously crafted or corrupted RESP mult-bulk protocol data is provided. When parsing mult-bulk array-like replies, Hiredis fails to check whether count...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi.debug: A sanity check was performed to ensure that the block descriptor length in respmodeselect was valid. BUG: KASAN: A use-after-free condition occurred in respmodeselect+0xa4c/0xb40, located in...

EUVD-2026-36467

Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length...

CVE-2026-50011 Netty has unbounded pre-allocation in RedisArrayAggregator from RESP array length

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count declared in an array header. That count is taken fro...

CVE-2026-50011

Netty CVE-2026-50011 affects RedisArrayAggregator in Netty (prior to 4.1.135.Final and 4.2.15.Final). A RESP header can claim a large initial ArrayList capacity, taken from the wire before child messages exist, enabling unbounded pre-allocation. This can cause memory consumption issues. The issue...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007603)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007603 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Fix out-of-bound read in respreadcap16 The following warning was observed runnin...

CVE-2025-67733 Valkey Affected by RESP Protocol Injection via Lua error_reply

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...

CVE-2025-67733

Valkey is affected by a RESP protocol injection via Lua error_reply. Before versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user could inject information into the response stream through scripting commands, potentially corrupting or returning tampered data to other users on the same connect...

SUSE SLES12: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2026:0358-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0358-1 advisory. - CVE-2026-22795: Missing ASN1TYPE validation in PKCS12 parsing bsc1256839. - CVE-2025-69420: Missing ASN1TYPE validation in TSRESPverifyrespon...

SUSE-SU-2026:0359-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2026-22795: Missing ASN1TYPE validation in PKCS12 parsing bsc1256839. - CVE-2025-69420: Missing ASN1TYPE validation in TSRESPverifyresponse function bsc1256837. - CVE-2025-69421: NULL Pointer Dereference in PKCS12itemdecryptd2iex functi...

Security update for openssl-1_1

This update for openssl-11 fixes the following issues: CVE-2026-22795: Missing ASN1TYPE validation in PKCS12 parsing bsc1256839. CVE-2025-69420: Missing ASN1TYPE validation in TSRESPverifyresponse function bsc1256837. CVE-2025-69421: NULL Pointer Dereference in PKCS12itemdecryptd2iex function...

CVE-2025-69420

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports: Improper validation of PBMAC1 parameters in PKCS12 MAC verification CVE-2025-11187 Stack buffer overflow in CMS AuthEnvelopedData parsing CVE-2025-15467 NULL dereference in SSLCIPHERfind function on unknown cipher ID CVE-2025-15468 "openssl dgst" one-shot codepath...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989262)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989262 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Sanity check block descriptor length in respmodeselect In respmodeselect sanity...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989979)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989979 advisory. In the Linux kernel, the following vulnerability has been resolved: media: wl128x: Fix atomicity violation in fmcsendcmd Atomicity violation occurs when the fmcsendc...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990273)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990273 advisory. In the Linux kernel, the following vulnerability has been resolved: media: wl128x: Fix atomicity violation in fmcsendcmd Atomicity violation occurs when the fmcsendc...

EUVD-2017-4507

Malware in sbrugna...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987024)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987024 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Fix out-of-bound read in respreporttgtpgs The following issue was observed runni...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987340)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987340 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Sanity check block descriptor length in respmodeselect In respmodeselect sanity...