CLSA-2026-1779191237 postfix: Fix of CVE-2026-43964
CVE-2026-43964: fix buffer over-read in dsn_split when an enhanced status code is not followed by other text...
CLSA-2026-1779190223 opensc: Fix of 5 CVEs
CVE-2023-5992: implement constant-time PKCS1 v1.5 depadding to prevent Bleichenbacher/Marvin-style timing attacks - CVE-2025-49010: fix stack buffer overflow write in iso7816 GET RESPONSE - CVE-2025-66037: fix out-of-bounds heap read in sc_pkcs15_pubkey_from_spki_fields - CVE-2025-66038: fix buffer...
CLSA-2026-1779182686 postfix: Fix of CVE-2026-43964
CVE-2026-43964: fix buffer over-read on enhanced status code without trailing text...
CLSA-2026-1779181947 postfix: Fix of CVE-2026-43964
CVE-2026-43964: fix buffer over-read on enhanced status code without trailing text...
ImageMagick: Heap Buffer Over-Read of 4 bytes in distort operation.
When performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying specific arguments...
GHSA-PFVH-M9XV-8966 ImageMagick: Heap Buffer Over-Read of 4 bytes in distort operation.
When performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying specific arguments...
GHSA-VVMG-8MJR-G6Q3 OpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffers
Summary OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total iov_iter.count as the copy length. When log injection is enabled, a crafted multi-segment writev call can make OBI read and overwrite memory beyond the first segment. Details In...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the connected-components when an invalid value is supplied to the keep-top parameter. An attacker can access sensitive memory contents or cause a partial denial of service by providing a specially...
Improper Validation of Array Index
Overview Magick.NET-Q16-arm64: Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
ImageMagick: Heap Buffer Over-Read in IPTC encoder
When writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte...
JLSEC-2026-508
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp...
JLSEC-2026-509
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp...
JLSEC-2026-506
LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp...
CLSA-2026-1779096347 postfix: Fix of CVE-2026-43964
CVE-2026-43964: fix buffer over-read in dsn_split when an enhanced status code is not followed by other text...
BIT-POSTGRESQL-2026-6575 PostgreSQL pg_restore_attribute_stats accepts values that cause query planning to read past end of stats array
Buffer over-read in PostgreSQL function pg_restore_attribute_stats accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL...
CLSA-2026-1778938383 Fix CVE(s): CVE-2026-43964
SECURITY UPDATE: Fix buffer over-read in DSN code parsing dsn_split - debian/patches/CVE-2026-43964.patch: Fix buffer over-read in DSN code parsing dsn_split - CVE-2026-43964...
CLSA-2026-1778874422 postfix: Fix of CVE-2026-43964
CVE-2026-43964: fix buffer over-read in dsn_split when an enhanced status code is not followed by other text...
CVE-2026-43964
A flaw was found in Postfix. This issue occurs when processing enhanced status codes, specifically an enhanced status code that lacks text following the third number. Depending on the configuration of the server, this allows a remote attacker to cause a buffer over-read of only 1 byte, leading to...
OESA-2026-2319 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...
OESA-2026-2316 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...