12744 matches found
httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check
A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...
postgresql: PostgreSQL: Information disclosure via buffer over-read in pg_restore_attribute_stats()
A flaw was found in PostgreSQL. This buffer over-read vulnerability in the pgrestoreattributestats function allows a table maintainer to infer memory values. By providing array values of unmatched length, a malicious table maintainer can cause query planning to read past the end of an array,...
BIT-NGINX-2026-48142 NGINX ngx_http_charset_module vulnerability
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...
libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c
A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the --htmlout command line option, causing an application...
Low: Red Hat Security Advisory: libxml2 security update
An update for libxml2 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CV...
RHEL 8 : libxml2 (RHSA-2026:27737)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27737 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: buffer over-read in...
RockyLinux 10 : postfix (RLSA-2026:25930)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25930 advisory. postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 Tenable has extracted the preceding description block directly from the RockyLinux...
Astra Linux – Vulnerability in Linux
A buffer overflow at the framebuffer layer in the fbcon code within the Linux kernel, prior to version 5.8.15, could be exploited by local attackers to read kernel memory, referred to as CID-6735b4632def...
CVE-2026-48142
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...
CVE-2026-48142
CVE-2026-48142 affects the ngx_http_charset_module in NGINX Plus and NGINX Open Source. When a location block uses both source_charset utf-8 and a charset directive (e.g., charset koi8-r), remote unauthenticated attackers can trigger a heap buffer over-read in the NGINX worker process, causing me...
RLSA-2026:25932 Important: postfix security update
The postfix packages provide a Mail Transport Agent MTA, which supports protocols like LDAP, SMTP AUTH SASL, and TLS. Security Fixes: postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 For more details about the security issues, including the impact, a CVSS score,...
libxml2 security update
An update is available for libxml2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libxml2 library is a development toolbox providing the implementation of...
RockyLinux 9 : postfix (RLSA-2026:26205)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26205 advisory. postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 Tenable has extracted the preceding description block directly from the RockyLinux...
postgresql: PostgreSQL: Information disclosure via buffer over-read in pg_restore_attribute_stats()
A flaw was found in PostgreSQL. This buffer over-read vulnerability in the pgrestoreattributestats function allows a table maintainer to infer memory values. By providing array values of unmatched length, a malicious table maintainer can cause query planning to read past the end of an array,...
postfix: buffer over-read via malformed enhanced status code
A flaw was found in Postfix. This issue occurs when processing enhanced status codes, specifically an enhanced status code that lacks text following the third number. Depending on the configuration of the server, this allows a remote attacker to cause a buffer over-read of only 1 byte, leading to...
Important: Red Hat Security Advisory: postfix security update
An update for postfix is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
ALSA-2026:26354 Low: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c CVE-2024-34459 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...
Important: Red Hat Security Advisory: postfix security update
An update for postfix is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
AlmaLinux 10 : postfix (ALSA-2026:25930)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:25930 advisory. postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 Tenable has extracted the preceding description block directly from the AlmaLinux...
RHEL 8 : postfix (RHSA-2026:25932)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25932 advisory. The postfix packages provide a Mail Transport Agent MTA, which supports protocols like LDAP, SMTP AUTH SASL, and TLS. Security Fixes: postfix: buffe...