gnutls: gnutls: Information disclosure via heap overread in RSA key exchange

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...

CVE-2026-6094

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

CVE-2026-6094 Heap buffer overread in wc_PKCS7_DecodeEnvelopedData parsing crafted PKCS7 EnvelopedData

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

EUVD-2026-39480

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

CVE-2026-6094

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

CVE-2026-6094

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the ajpparsedata function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially lea...

httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...

httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the ajpparsedata function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially lea...

nginx 0.3.50 < 1.30.3 / 1.31.x < 1.31.2 Buffer Overread in ngx_http_charset_module

The installed version of nginx is 0.3.50 prior to 1.30.3, or 1.31.x prior to 1.31.2. It is, therefore, affected by the following issue : - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both...

Linux Distros Unpatched Vulnerability : CVE-2026-48142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both...

Astra Linux – Vulnerability in Raptor2

In the Raptor RDF Syntax Library version 2.0.16, there was a heap-based buffer overflow issue during the parsing of triples using the nquads parser in the raptorntriplesparseterminternal function...

Astra Linux – Vulnerability in libpng1.6

LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to version 1.6.51, there was a heap buffer over-read vulnerability in the libpng’s pngdoquantize function when processing PNG files with malformed palette...

Astra Linux – Vulnerability in binutils

There is a heap-based buffer overflow issue in the function dexpression1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. A crafted input can cause segmentation faults, leading to denial-of-service attacks, as demonstrated by c++filt...

Astra Linux – Vulnerability in libonig

A issue was discovered in Oniguruma 6.x before 6.9.4rc2. In the function fetchintervalquantifier formerly known as fetchrangequantifier in regparse.c, PFETCH is called without checking PEND. This leads to a buffer overflow issue based on the heap mechanism...

Astra Linux – Vulnerability in libonig

A issue was discovered in Oniguruma 6.x before 6.9.4rc2. In the function gb18030mbcenclen in the file gb18030.c, a UChar pointer was dereferenced without checking whether it pointed to the end of the matched string. This resulted in a buffer overflow...

Astra Linux – Vulnerability in Nasm

In Netwide Assembler NASM 2.15rc0, a heap-based buffer over-read occurs due to a malicious .asm file during the call to settextfree from expandonesmacro in asm/preproc.c...

Astra Linux – Vulnerability in libpng1.6

LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.51 to 1.6.53, there was a potential issue of excessive memory access in the libpng simplified API function pngimagefinishread, when processing...

Astra Linux – Vulnerability in zlib, libz-mingw-w64

Zlib versions up to 1.2.12 have a heap-based buffer over-read or buffer overflow issue in the inflate function within inflate.c, due to a large gzip header extra field. NOTE: Only applications that call inflateGetHeader are affected. Some common applications bundle the affected Zlib source code,...

Astra Linux – Vulnerability in libsoup2.4

A flaw was discovered in libsoup. A vulnerability in the sniffunknown function may lead to a situation where heap buffers are overread...