Lucene search
K

433 matches found

The Hacker News
The Hacker News
added 2026/06/22 4:29 p.m.20 views

29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests

A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Squid's default...

6.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.5 views

httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...

5.3CVSS6AI score0.00485EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in mbedtls

A vulnerability was discovered in Mbed TLS before versions 2.28.1 and 3.x, prior to 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server, causing a heap-based buffer overflow of up to 255 bytes. This can lead to a server crash or,...

9.1CVSS8.6AI score0.01831EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in leptonlib

Leptonica before 1.80.0 allows an excessive read of the heap-based buffer in pixReadFromTiffStream, related to tiffio.c...

7.5CVSS7.3AI score0.02356EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in leptonlib

Leptonica before 1.80.0 allows an over-reading of the heap-based buffer in rasteropGeneralLow, related to adaptmapreg.c and adaptmap.c...

7.5CVSS7.4AI score0.02574EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in libmaxminddb

In libmaxminddb before version 1.4.3, there is a heap-based buffer over-read issue in dumpentrydatalist in maxminddb.c...

6.5CVSS6.8AI score0.02133EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in libgd2

In the GD Graphics Library also known as LibGD, from version 2.2.5 onwards, there is a heap-based buffer over-read issue in tiffWriter within the gdtiff.c file. NOTE: The vendor states that “In my opinion, this issue should not have a CVE, since the GD and GD2 formats are documented as ‘obsolete’...

8.1CVSS7.3AI score0.01267EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/06/17 2:4 p.m.8 views

CVE-2026-48142

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...

6.3CVSS5.6AI score0.00398EPSS
Exploits0
CVE
CVE
added 2026/06/17 2:4 p.m.140 views

CVE-2026-48142

CVE-2026-48142 affects the ngx_http_charset_module in NGINX Plus and NGINX Open Source. When a location block uses both source_charset utf-8 and a charset directive (e.g., charset koi8-r), remote unauthenticated attackers can trigger a heap buffer over-read in the NGINX worker process, causing me...

6.3CVSS5.6AI score0.00398EPSS
Exploits0References1Affected Software7
RedhatCVE
RedhatCVE
added 2026/06/12 9:38 a.m.9 views

CVE-2026-47166

A flaw was found in ImageMagick, a widely used software for image editing. An attacker with high privileges and local access could exploit a vulnerability in the magick -distribute-cache service. By causing a heap buffer over-read, this could lead to the disclosure of sensitive information and...

6CVSS5.3AI score0.00093EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/12 2:32 a.m.10 views

SUSE CVE-2026-11787

A flaw was found in 389 Directory Server. The ldaputf8prev function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior...

6.3CVSS5.7AI score0.00177EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 10:16 p.m.10 views

CVE-2026-45359

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been...

7.1CVSS0.00122EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/06/10 9:51 p.m.9 views

CVE-2026-47166

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This issue has been patched in versio...

5.7CVSS5.6AI score0.00093EPSS
Exploits0
EUVD
EUVD
added 2026/06/10 9:26 p.m.10 views

EUVD-2026-36160

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been...

5.7CVSS5.5AI score0.00122EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 10:49 p.m.11 views

EUVD-2026-35858

lldpd is an implementation of IEEE 802.1ab LLDP. Prior to version 1.0.22, lldpddecode in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove to shift the frame payload 4 bytes left. The third argument byte count is s - 2 ETHERADDRLEN but should be s - 2...

6.5CVSS5.5AI score0.00225EPSS
Exploits0References4
NVD
NVD
added 2026/06/09 5:17 p.m.15 views

CVE-2026-34180

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of Service or to...

7.5CVSS0.00513EPSS
Exploits0References6
NVD
NVD
added 2026/06/09 2:16 p.m.10 views

CVE-2026-11787

A flaw was found in 389 Directory Server. The ldaputf8prev function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior...

6.3CVSS0.00177EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.20 views

EulerOS Virtualization 2.13.1 : libpng (EulerOS-SA-2026-2135)

According to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image...

8.3CVSS5.8AI score0.00955EPSS
Exploits9References7
Tenable Nessus
Tenable Nessus
added 2026/06/01 12:0 a.m.13 views

RHEL 10 : ovn25.09 (RHSA-2026:22111)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22111 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add...

8.6CVSS5.9AI score0.00868EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2026/05/27 9:42 p.m.18 views

httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the ajpparsedata function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially lea...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References5
Rows per page
Query Builder