Lucene search
+L

243 matches found

OSV
OSV
added 2026/07/10 7:49 p.m.5 views

CVE-2026-57158 FreeRDP planar_decompress_plane_rle_only: heap OOB read — incomplete fix for CVE-2026-23530

FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planardecompressplanerleonly in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated...

5.1CVSS6.1AI score0.0069EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.10 views

PT-2026-57295

Name of the Vulnerable Software and Affected Versions FreeRDP versions 3.21.0 through 3.27.0 Description FreeRDP clients using the GFX pipeline contain an incomplete fix in the planar decompress plane rle only function within libfreerdp/codec/planar.c. This allows a malicious RDP server to send a...

9.8CVSS6.1AI score0.00698EPSS
Exploits3References13
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.15 views

RockyLinux 10 : freerdp (RLSA-2026:36203)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:36203 advisory. freerdp: FreeRDP: Remote code execution via heap-buffer-overflow in gdiCacheToSurface CVE-2026-40033 freerdp: FreeRDP: Arbitrary code execution or deni...

9.8CVSS7.4AI score0.03453EPSS
Exploits5References11
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40491

Use after free in GFX in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

6.2AI score0.00351EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:16 p.m.5 views

CVE-2026-13805

Use after free in GFX in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00351EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:37 p.m.19 views

CVE-2026-13805

CVE-2026-13805 is a use-after-free vulnerability in the GFX component of Google Chrome on macOS, fixed in Chrome 150.0.7871.47 and later. The issue allowed a remote attacker to execute arbitrary code via a crafted HTML page; severity is High. Affected are Chrome builds prior to 150.0.7871.47. Rem...

8.8CVSS6.2AI score0.00351EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/07 4:32 a.m.11 views

CVE-2026-10891

An use after free flaw was found in the GFX component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513160681...

8.8CVSS5.4AI score0.00325EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.12 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a resource management vulnerability. This vulnerability stemmed from the reuse of GFX components after their release, which could allow remote attackers to exploit heap corruption...

8.8CVSS5.5AI score0.00325EPSS
Exploits0References3
OSV
OSV
added 2026/06/01 9:27 a.m.5 views

SUSE-SU-2026:21936-1 Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-35.1 fixes various security issues The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-23243: RDMA/umad: Reject negative datalen in ibumadwrite bsc1259798. - CVE-2026-23274:...

7.8CVSS6.4AI score0.03663EPSS
Exploits17References13
RedhatCVE
RedhatCVE
added 2026/05/29 12:13 a.m.15 views

CVE-2026-9936

An use after free flaw was found in the GFX component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502104354...

9CVSS5.7AI score0.00222EPSS
Exploits0References5
NVD
NVD
added 2026/05/28 11:16 p.m.13 views

CVE-2026-9936

Use after free in GFX in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00222EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/28 6:16 p.m.17 views

CVE-2026-9117

A type confusion flaw was found in the GFX component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497542537...

8.2CVSS5.7AI score0.00265EPSS
Exploits0References5
NVD
NVD
added 2026/05/20 8:16 p.m.14 views

CVE-2026-9117

Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. Chromium security severity: High...

7.5CVSS0.00265EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/20 7:12 p.m.22 views

CVE-2026-9117

Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. Chromium security severity: High...

7.5CVSS5.8AI score0.00265EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/gfx: disable gfx9 cpeccerrorirq only when enabling legacy gfx ras gfx9 cpeccerrorirq is only enabled when legacy gfx ras is assert. So in gfxv90hwfini, interrupt disablement for cpeccerrorirq should be executed under...

7.8CVSS6.3AI score0.00153EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Added missing gfx11 MQD manager callbacks. The mqdstride function was introduced in commit 2f77b9a242a2 "drm/amdkfd: Update MQD management on multi XCC setup", but it wasn’t assigned to gfx11. This issue is fixed by...

5.3AI score0.00163EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that use versions of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read vulnerabilities. Versions 3.5.0 and 2.11.6 address this issue. As a workaround, use the /gfx or /rfx modes default setting; requires...

9.8CVSS8AI score0.01958EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/15 2:41 a.m.58 views

CVE-2025-66664

Insufficient parameter sanitization in AMD Secure Processor ASP TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDLOADGFXIPFW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception...

4.6CVSS0.00112EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/08 10:33 p.m.13 views

CVE-2026-7950

An out of bounds read and write flaw was found in the GFX component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496259890...

8.8CVSS5.7AI score0.00171EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/08 2:26 a.m.11 views

SUSE CVE-2026-7950

Out of bounds read and write in GFX in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via malicious network traffic. Chromium security severity: Medium...

5.4CVSS5.9AI score0.00171EPSS
Exploits0References3
Rows per page
Query Builder