Lucene search
+L

9 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk. In versions prior to 8.0.3, as well as in 7.4.5, 7.2.10, and 6.2.19, an authenticated user could use a specially crafted string to trigger an out-of-bounds write operation on the hyperloglog data structure, potentially leadin...

7.8CVSS5.7AI score0.03877EPSS
Exploits4References2
ATTACKERKB
ATTACKERKB
added 2026/01/27 6:18 p.m.5 views

CVE-2026-22262

Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not us...

5.9CVSS6.1AI score0.00467EPSS
Exploits0References9Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/27 6:10 p.m.3 views

CVE-2026-22261 Suricata eve/alert: http1 xff handling can lead to denial of service

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for alerts not triggered in a tx, can lead to severe slowdowns. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, disable XFF support in the eve...

3.7CVSS5.9AI score0.00312EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/27 5:13 p.m.25 views

CVE-2026-22259 Suricata dnp3: unbounded transaction growth

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting...

7.5CVSS0.00508EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/22 2:23 a.m.5 views

CVE-2026-24001

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...

6.9CVSS5.8AI score0.00562EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/01/19 12:0 a.m.8 views

AlchemyCMS security vulnerabilities

AlchemyCMS is an open-source content management system based on the AlchemyCMS – a Rails CMS framework. Vulnerabilities existed in versions prior to 7.4.12 and 8.0.3 of AlchemyCMS. These vulnerabilities stemmed from the use of the Ruby eval function in Alchemy::ResourcesHelperresourceurlproxy,...

9.9CVSS6.2AI score0.00426EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-48367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client...

7.5CVSS6.1AI score0.00733EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/07/23 12:0 a.m.25 views

CVE-2025-46686

Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is skipped because of insufficient permissions. NOTE: this i...

3.5CVSS7.4AI score0.00263EPSS
Exploits0References3
OSV
OSV
added 2025/07/18 2:49 p.m.5 views

OESA-2025-1850 redis security update

Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets. Security Fixes: Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an...

7.8CVSS8AI score0.03877EPSS
Exploits4References3
Rows per page
Query Builder