squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling

A flaw was found in Squid. A remote attacker can exploit a heap Use-After-Free vulnerability when handling ICP Internet Cache Protocol traffic. This allows them to perform a reliable and repeatable Denial of Service DoS attack, making the Squid service unavailable. This attack is limited to...

JLSEC-2026-435 1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or...

A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path="/",. Since this site is not...

Important: Red Hat Security Advisory: squid security update

An update for squid is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Linux Distros Unpatched Vulnerability : CVE-2026-34734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a maliciou...

CLSA-2026-1774874340 squid: Fix of 3 CVEs

CVE-2026-33526: fix heap use-after-free due to double rfc1738escape in ICP error handling - CVE-2026-33515: fix validation of ICP packet sizes and URLs to prevent out-of-bounds reads - CVE-2026-32748: fix HttpRequest use-after-free in ICP v3 query handling...

CVE-2026-32748

CVE-2026-32748 affects Squid, a web caching proxy. The issue is a heap Use-After-Free in ICP handling, allowing a remote attacker to cause Denial of Service when ICP is enabled (icp_port configured). The attack is remote, requires ICP support, and cannot be mitigated by icp_access rules. A fix is...

EUVD-2026-12179

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...

GHSA-XXW5-M53X-J38C ImageMagick has heap use-after-free in the MSL encoder

A heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed. SUMMARY: AddressSanitizer: heap-use-after-free MagickCore/image.c:1195 in DestroyImage Shadow bytes around t...

PT-2026-24353

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.5 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. A heap out-of-bounds read exists in the CIccCalculatorFunc::ApplySequence function, which can cause an...

UBUNTU-CVE-2026-22857

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irpthreadfunc because the IRP is freed by irp-Complete and then accessed again on the error path. This vulnerability is fixed in 3.20.1...

EulerOS 2.0 SP10 : curl (EulerOS-SA-2025-2410)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname,...

Linux Distros Unpatched Vulnerability : CVE-2021-44994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an Assertion ''JERRYCONTEXT jmemheapallocatedsize == 0'' failed at /jerry-core/jmem/jmem- heap.c in Jerryscript 3.0.0. CVE-2021-44994 Note that Nessus...

Linux Distros Unpatched Vulnerability : CVE-2021-41682

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecmacompareecmanondirectstrings in JerryScript 2.4.0 CVE-2021-41682 Note that Nessus relies on t...

Linux Distros Unpatched Vulnerability : CVE-2020-1712

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. ...

SUSE-SU-2025:02771-1 Security update for tiff

This update for tiff fixes the following issues: - CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c bsc1247108 - CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow when processing malformed TIFF files bsc1247106...

QEMU: e1000e: heap use-after-free in e1000e_write_packet_to_guest()

A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service...

OESA-2023-1826 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: GNU gdb GDB 13.0.50.20220805-git was discovered to contain a heap use after free via the function...

Important: kernel

Issue Overview: A race condition between two functions, lmLogClose and txEnd, in the Linux kernel's JFS filesystem can lead to a use-after-free vulnerability and crash. CVE-2023-3397 In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to...

PT-2023-24400 · Python · Cpython

Name of the Vulnerable Software and Affected Versions: CPython version 3.12.0 alpha 7 Description: A heap use-after-free issue was discovered via the function ascii decode at /Objects/unicodeobject.c. Recommendations: For CPython version 3.12.0 alpha 7, consider disabling the ascii decode functio...

Debian: Security Advisory (DLA-736-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...