443 matches found
CVE-2026-49854 Tornado: Out-of-bounds memory access in C extension
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocketmask without validating that the mask argument is exactly four bytes, allowing the C function to read up to three bytes beyond the provided...
CVE-2026-15685
Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ollama. Authentication is not required to exploit this vulnerability. The specific flaw exists...
OESA-2026-2933 libidn security update
GNU Libidn is a fully documented implementation of the Stringprep, Punycode and IDNA 2003 specifications. Libidn's purpose is to encode and decode internationalized domain names. Security Fixes: GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs...
Important: Red Hat Security Advisory: httpd:2.4 security update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Commo...
The vulnerability of the module for working with the DIB format in the console-based graphic editor ImageMagick allows a hacker to execute arbitrary code, expose protected information, and cause a service failure.
The vulnerability of the module for working with the DIB format in the console-based graphic editor ImageMagick is related to reading data beyond the allowed range of memory. Exploiting this vulnerability allows an attacker to execute arbitrary code, disclose sensitive information, and cause...
The vulnerability of the -sample operation in the console-based image editing tool ImageMagick allows a hacker to trigger a service failure.
The vulnerability of the -sample command in the console-based image editing tool ImageMagick is related to reading data beyond the allowable range of memory. Exploiting this vulnerability can allow an attacker to cause a system failure...
CVE-2026-53877
This CVE affects Django’s GIS GDALRaster: in Django 6.0 prior to 6.0.7 and 5.2 prior to 5.2.16, constructing GDALRaster from a bytes object causes an in-memory buffer over-read, potentially disclosing adjacent memory or triggering a segmentation fault when the vsi_buffer property is accessed. Ear...
NetScaler ADC and NetScaler Gateway Multiple Vulnerabilities (CTX696604)
The remote NetScaler ADC formerly Citrix ADC or NetScaler Gateway formerly Citrix Gateway device is version 13.1 prior to 13.1-63.18, 14.1 prior to 14.1-72.61, 13.1-FIPS/NDcPP prior to 13.1-37.272, or 14.1-FIPS prior to 14.1-72.61. It is, therefore, affected by multiple vulnerabilities: -...
PYSEC-2026-702 Out-of-bounds Read in OpenCV
In OpenCV 3.3.1 corresponding with OpenCV-Python 3.3.1.11, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmthdr.cpp...
Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service
Citrix on Tuesday released security updates to address multiple flaws in NetScaler ADC formerly Citrix ADC and NetScaler Gateway formerly Citrix Gateway that could be exploited by an attacker to facilitate arbitrary file reads or trigger a denial-of-service DoS condition. The vulnerabilities are...
CVE-2026-8451
Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP...
CVE-2026-10817
Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server of type LB, CS, VPN or the service configured on NetScaler...
EUVD-2026-40317
Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server of type LB, CS, VPN or the service configured on NetScaler...
CVE-2026-10817
CVE-2026-10817 is an “insufficient input validation leading to memory overread” affecting Citrix NetScaler ADC and NetScaler Gateway when TCP TimeStamp is enabled in the TCP profile and attached to a virtual server (LB, CS, VPN) or the service. Public sources consistently describe the root cause ...
EUVD-2026-40305
Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP...
CVE-2026-8451 Insufficient input validation leading to memory overread
Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP...
CVE-2026-8451
CVE-2026-8451 is a memory overread vulnerability in Citrix NetScaler ADC and NetScaler Gateway when configured as a SAML IdP. The issue arises from insufficient input validation, related to the /saml/login path, enabling an unauthenticated attacker to read memory and potentially leak sensitive da...
PT-2026-53867
Name of the Vulnerable Software and Affected Versions NetScaler ADC affected versions not specified NetScaler Gateway affected versions not specified Description Insufficient input validation leads to a memory overread when the TCP TimeStamp is enabled in the TCP Profile and is associated with a...
SUSE-SU-2026:2641-1 Security update for apache2
This update for apache2 fixes the following issues Update to 2.4.66 jscPED-16334: Security issues: - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in...
ROS-20260626-73-0010
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to reading data beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...