72 matches found
CVE-2026-10305
Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd...
CVE-2026-10305
CVE-2026-10305 describes an out-of-bounds read in Samsung Open Source rlottie, affecting rlottie up to but not including commit 223a2a41ba4f462e4abe767bebba49a366c9b9fd. The vulnerability allows buffer overreads, with CVSSv3.1: 6.1 (MEDIUM) — LOCAL attack vector, NO privileges required, USER inte...
RockyLinux 8 : httpd:2.4 (RLSA-2026:22140)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22140 advisory. httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020) httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in...
Linux kernel security vulnerability
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel. These vulnerabilities stem from the fact that ksmbd does not verify the SID length of inherited ACEs in the...
PostgreSQL security vulnerability
PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Prior to PostgreSQL 18.4, there was a security vulnerability...
Fedora 43 : glibc (2026-4b7780802c)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-4b7780802c advisory. This update provides various security fixes. Buffer overflow in scanf %mc CVE-2026-5450 nssprintrrf buffer overreads CVE-2026-6238 nssprintrrf buffe...
SUSE-SU-2026:20523-1 Security update for libpng16
This update for libpng16 fixes the following issues: - CVE-2025-28162: memory leaks when running pngimage bsc1257364. - CVE-2025-28164: memory leaks when running pngimage bsc1257365. - CVE-2026-22695: heap buffer over-read in png_image_finish_read bsc1256525. - CVE-2026-22801: integer truncation...
libsoup numeric error vulnerability
Libsoup is the GNOME project's HTTP client/server library. Libsoup has a numeric error vulnerability, which stems from an integer underflow when handling zero-length resources, leading to a buffer over-read...
MiracleLinux 8 : libexif-0.6.21-17.el8 (AXSA:2020-249:03)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-249:03 advisory. libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS CVE-2020-13112 Tenable has extracted the preceding...
MiracleLinux 7 : libexif-0.6.21-7.el7 (AXSA:2020-162:02)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-162:02 advisory. libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS CVE-2020-13112 Tenable has extracted the preceding...
MiracleLinux 4 : libexif-0.6.21-6.AXS4 (AXSA:2020-137:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-137:01 advisory. libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS CVE-2020-13112 Tenable has extracted the preceding...
CVE-2025-12056
Out-of-bounds Read in Shelly Pro 3EM before v1.4.4 allows Overread Buffers...
CVE-2025-12056
CVE-2025-12056 affects Shelly Pro 3EM (three‑phase energy meter). A specially crafted Modbus request can trigger an illegal data address read, leading to a device reboot and a denial‑of‑service. Vulnerable in versions before 1.4.4; fixed in 1.4.4+. No known public exploitation; CISA notes potenti...
PT-2025-47441
Out-of-bounds Read in Shelly Pro 3EM before v1.4.4 allows Overread Buffers...
BIT-MONGODB-2024-10921 Improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server
An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30, MongoDB Server v6.0 versions prior to...
SUSE-SU-2025:03164-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: - CVE-2025-55004: Fixed heap buffer over-read in ReadOneMNGIMage when processing images with separate alpha channels bsc1248076. - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces bsc1248077. -...
Security update for ImageMagick
This update for ImageMagick fixes the following issues: CVE-2025-55004: Fixed heap buffer over-read in ReadOneMNGIMage when processing images with separate alpha channels bsc1248076. CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces bsc1248077...
Security update for gimp
This update for gimp fixes the following issues: CVE-2025-48797: Fixed two buffer over-reads and one heap-based buffer overflow in its TGA parser bsc1243711. CVE-2025-48798: Fixed two use-after-free bugs and one double free bug in its XCF parser bsc1243712. Patch Instructions: To install this SUS...
OESA-2025-1441 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop to integrate well with GNOME applications, and also has a synchronous API for use in threaded applications. Security Fixes: A flaw was found in libsoup. The package is vulnerable to a heap buffer over-re...
Debian dla-4070 : freerdp2-dev - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4070 advisory. Debian LTS Advisory DLA-4070-1...