ROS-20260430-73-0001

A vulnerability in valkey is related to insufficient neutralization of special elements in a request. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

ROS-20260430-73-0002

Vulnerability in valkey related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260430-73-0003

Vulnerability in valkey related to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...

Ubuntu: Security Advisory (USN-8106-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RockyLinux 9 : valkey (RLSA-2026:3507)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3507 advisory. Valkey: Valkey: Data tampering and denial of service via improper null character handling in Lua scripts CVE-2025-67733 valkey: Valkey: Denial of Service...

RockyLinux 10 : valkey (RLSA-2026:3443)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3443 advisory. Valkey: Valkey: Data tampering and denial of service via improper null character handling in Lua scripts CVE-2025-67733 valkey: Valkey: Denial of Servic...

Valkey: Valkey: Data tampering and denial of service via improper null character handling in Lua scripts

A flaw was found in Valkey, a distributed key-value database. A malicious user can exploit this vulnerability by using scripting commands to inject arbitrary information into the response stream. This is caused by improper handling of null characters in the error handling code for Lua scripts...

Linux Distros Unpatched Vulnerability : CVE-2025-67733

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary...

Linux Distros Unpatched Vulnerability : CVE-2026-27623

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the...

ALPINE-CVE-2026-27623

Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assertion. When processing incoming requests, the Valkey system does not properly reset the networking...

CVE-2026-21863

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious actor with access to the Valkey clusterbus port can send an invalid packet that may cause an out bound read, which might result in the system crashing. The Valkey clusterbus packet processin...

UBUNTU-CVE-2025-67733

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...

CVE-2026-27623

Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assertion. When processing incoming requests, the Valkey system does not properly reset the networking...

CVE-2025-67733 Valkey Affected by RESP Protocol Injection via Lua error_reply

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...

CVE-2025-67733

Valkey is affected by a RESP protocol injection via Lua error_reply. Before versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user could inject information into the response stream through scripting commands, potentially corrupting or returning tampered data to other users on the same connect...

Azure Linux 3.0 Security Update: valkey (CVE-2024-51741)

The version of valkey installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-51741 advisory. - Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileg...

Azure Linux 3.0 Security Update: valkey (CVE-2025-27151)

The version of valkey installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27151 advisory. - Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before...

Azure Linux 3.0 Security Update: valkey (CVE-2025-49112)

The version of valkey installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-49112 advisory. - setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev-size - prev-used...

Azure Linux 3.0 Security Update: valkey (CVE-2025-21605)

The version of valkey installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21605 advisory. - Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to...

Azure Linux 3.0 Security Update: valkey (CVE-2024-31227)

The version of valkey installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-31227 advisory. - Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileg...