
6 matches found

Cvelist
added 2026/05/28 9:36 a.m. | 36 views

CVE-2026-46155 smb/client: fix out-of-bounds read in smb2_compound_op()

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2_compound_op(). If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, check_wsl_eas() returns success without validating that the entire...

CVSS 9.1 | EPSS 0.00478
Exploits: 0 | References: 5
OSV
added 2025/04/10 2:15 p.m. | 1 view

DEBIAN-CVE-2025-32743

In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code, because those lookup values lead to...

CVSS 9 | AI score 5.8 | EPSS 0.00416
Exploits: 0 | References: 1
Cvelist
added 2025/03/30 5:57 a.m. | 26 views

CVE-2025-1861 Stream HTTP wrapper truncates redirect location to 1024 bytes

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing an HTTP redirect in the response to an HTTP request, there is currently a limit on the location value size, caused by the location buffer being limited to 1024 bytes. However, as per RFC911...

CVSS 6.3 | EPSS 0.0079
Exploits: 0 | References: 1
Tenable Nessus
added 2023/01/28 12:00 a.m. | 40 views

Fedora 37 : httpd (2023-f6ff3f85eb)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f6ff3f85eb advisory.
- new version 2.4.55
Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...

CVSS 9 | AI score 7.1 | EPSS 0.57941
Exploits: 0 | References: 4
Tenable Nessus
added 2023/01/18 12:00 a.m. | 210 views

Apache 2.4.x < 2.4.55 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.55. It is, therefore, affected by multiple vulnerabilities:
- A crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header valu...

CVSS 9 | AI score 8.9 | EPSS 0.18886
Exploits: 1 | References: 5
UbuntuCve
added 2023/01/17 8:15 p.m. | 57 views

CVE-2022-37436

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...

CVSS 5.3 | AI score 6.8 | EPSS 0.57941
Exploits: 0 | References: 6