
60 matches found

NVD
added yesterday, 5 views

CVE-2026-10305

Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd...

CVSS 6.1
Exploits: 0, References: 1

CVE
added yesterday, 6 views

CVE-2026-10305

CVE-2026-10305 describes an out-of-bounds read in Samsung Open Source rlottie, affecting rlottie up to but not including commit 223a2a41ba4f462e4abe767bebba49a366c9b9fd. The vulnerability allows buffer overreads, with CVSSv3.1: 6.1 (MEDIUM) — LOCAL attack vector, NO privileges required, USER inte...

CVSS 6.1, AI score 5.8
Exploits: 0, References: 1

CNNVD
added 2026/05/15 12:00 a.m., 5 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel. These vulnerabilities stem from the fact that ksmbd does not verify the SID length of inherited ACEs in the...

CVSS 8.8, AI score 6, EPSS 0.00025
Exploits: 0, References: 2

CNNVD
added 2026/05/14 12:00 a.m., 5 views

PostgreSQL security vulnerability

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Prior to PostgreSQL 18.4, there was a security vulnerability...

CVSS 4.3, AI score 6, EPSS 0.00032
Exploits: 0, References: 1

CNNVD
added 2026/02/11 12:00 a.m., 1 view

libsoup numeric error vulnerability

Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a numerical error vulnerability, which stems from integer underflow when handling zero-length resources, leading to excessive buffer reading...

CVSS 9.1, AI score 5.9, EPSS 0.00019
Exploits: 0, References: 4

Tenable Nessus
added 2026/01/20 12:00 a.m., 1 view

MiracleLinux 7 : libexif-0.6.21-7.el7 (AXSA:2020-162:02)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-162:02 advisory. libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS CVE-2020-13112 Tenable has extracted the preceding...

CVSS 9.1, AI score 5.9, EPSS 0.00972
Exploits: 0, References: 2

Tenable Nessus
added 2026/01/19 12:00 a.m., 1 view

MiracleLinux 4 : libexif-0.6.21-6.AXS4 (AXSA:2020-137:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-137:01 advisory. libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS CVE-2020-13112 Tenable has extracted the preceding...

CVSS 9.1, AI score 5.8, EPSS 0.00972
Exploits: 0, References: 2

NVD
added 2025/11/19 7:15 a.m., 1 view

CVE-2025-12056

Out-of-bounds Read in Shelly Pro 3EM before v1.4.4 allows Overread Buffers...

CVSS 8.3, EPSS 0.00025
Exploits: 0, References: 2

CVE
added 2025/11/19 6:46 a.m., 12 views

CVE-2025-12056

CVE-2025-12056 affects Shelly Pro 3EM (three‑phase energy meter). A specially crafted Modbus request can trigger an illegal data address read, leading to a device reboot and a denial‑of‑service. Vulnerable in versions before 1.4.4; fixed in 1.4.4+. No known public exploitation; CISA notes potenti...

CVSS 8.3, AI score 6.5, EPSS 0.00025
Exploits: 0, References: 2

Positive Technologies
added 2025/11/19 12:00 a.m., 2 views

PT-2025-47441

Out-of-bounds Read in Shelly Pro 3EM before v1.4.4 allows Overread Buffers...

CVSS 8.3, AI score 6.9, EPSS 0.00025
Exploits: 0, References: 2

OSV
added 2025/10/02 2:44 p.m., 2 views

BIT-MONGODB-2024-10921 Improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server

An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30, MongoDB Server v6.0 versions prior to...

CVSS 8.1, AI score 7.1, EPSS 0.00758
Exploits: 0, References: 2

SUSE Linux
added 2025/06/30 7:13 a.m., 1 view

Security update for gimp

This update for gimp fixes the following issues: CVE-2025-48797: Fixed two buffer over-reads and one heap-based buffer overflow in its TGA parser bsc1243711. CVE-2025-48798: Fixed two use-after-free bugs and one double free bug in its XCF parser bsc1243712. Patch Instructions: To install this SUS...

CVSS 7.3, AI score 8.1, EPSS 0.00083
Exploits: 0, References: 8

Tenable Nessus
added 2025/02/28 12:00 a.m., 6 views

Debian dla-4070 : freerdp2-dev - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4070 advisory. Debian LTS Advisory DLA-4070-1 [email protected]...

CVSS 9.1, AI score 6.8, EPSS 0.00767
Exploits: 1, References: 6

Debian
added 2025/02/27 9:44 p.m., 5 views

[SECURITY] [DLA 4070-1] freerdp2 security update and regression fix

Debian LTS Advisory DLA-4070-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost February 27, 2025 https://wiki.debian.org/LTS Package : freerdp2 Version : 2.3.0+dfsg1-2+deb11u3 CVE ID : CVE-2022-24882 CVE-2022-39320 Debian Bug : 1024511 1098355 Multiple vulnerabilities...

CVSS 9.1, AI score 6.8, EPSS 0.00767
Exploits: 1

OSV
added 2025/02/04 6:55 p.m., 2 views

CLSA-2025-1738695324 php: Fix of CVE-2024-8929

CVE-2024-8929: fix various heap buffer over-reads...

CVSS 5.8, AI score 6.5, EPSS 0.00663
Exploits: 1, References: 1

OSV
added 2024/11/14 4:15 p.m., 1 view

CVE-2024-10921

An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30, MongoDB Server v6.0 versions prior to...

CVSS 8.1, AI score 7.1
Exploits: 0, References: 1

Positive Technologies
added 2024/10/30 12:00 a.m., 1 view

PT-2024-8210

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 5.0.30 MongoDB Server versions prior to 6.0.19 MongoDB Server versions prior to 7.0.15 MongoDB Server versions prior to and including 8.0.2 Description: The issue is related to the construction of malformed BS...

CVSS 8.1, AI score 6.8, EPSS 0.00758
Exploits: 0, References: 12

CNNVD
added 2024/06/27 12:00 a.m., 1 view

Python Security Vulnerabilities

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.9 and earlier versions, which stems from the use of NPN that can lead ...

CVSS 9.1, AI score 7, EPSS 0.06873
Exploits: 1, References: 7

CNNVD
added 2024/02/29 12:00 a.m., 3 views

BACnet Stack Security Vulnerability

BACnet Stack is a BACnet open source protocol stack C library for embedded systems, Linux, MacOS, BSD and Windows. A security vulnerability exists in BACnet Stack versions prior to 1.3.2 that stems from the presence of buffer over-reads...

CVSS 9.1, AI score 6.9, EPSS 0.00372
Exploits: 0, References: 6

OSV
added 2024/02/02 8:59 p.m., 9 views

GHSA-Q669-2VFG-CXCG Nervos CKB Unaligned Pointer Dereference

via [email protected] There are multiple type conversions in ckb that unsafely cast between byte pointers and other types of pointers. This results in unaligned pointers, which are not allowed by the Rust language, and are considered undefined behavior, meaning that the compiler is free to do...

AI score 7.5
Exploits: 0, References: 2