CVE-2026-22857 FreeRDP has a heap-use-after-free in irp_thread_func

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irpthreadfunc because the IRP is freed by irp-Complete and then accessed again on the error path. This vulnerability is fixed in 3.20.1...

CVE-2026-22857

CVE-2026-22857 affects FreeRDP’s irp_thread_func, where a heap use-after-free occurs because the IRP is freed by irp->Complete() and then accessed again on the error path. The description specifies this is fixed in FreeRDP 3.20.1. Connected advisories for multiple distributions (e.g., SUSE/Ope...

CVE-2025-40007

CVE-2025-40007 — Linux kernel netfs reference leak (concrete details) The issue is in netfs: fix reference leak inside the Linux kernel’s netfs code. A commit (20d72b00ca81) changed netfs_alloc_request() to initialize the reference counter to 2 instead of 1, under the assumption that the request’...

Unbreakable Enterprise kernel security update

5.4.17-2136.341.3.1 - Revert 'NFSD: Limit the number of concurrent async COPY operations' Sherry Yang Orabug: 37667080 5.4.17-2136.341.3 - iouring: fix possible deadlock in ioregisteriowqmaxworkers Hagar Hemdan Orabug: 37565787 - iouring/rw: fix missing NOWAIT check for ODIRECT start write Jens...

Callback Technologies CBFS Filter 代码问题漏洞

Callback Technologies CBFS Filter is an interceptor from Callback Technologies, USA. Allows you to intercept and react to file system, registry and process manager operations as they occur. A code issue vulnerability exists in Callback Technologies CBFS Filter version 20.0.8317, which stems from ...

IOBit Advanced SystemCare 安全漏洞

Advanced SystemCare Ultimate, a Windows optimization suite from Iobit that analyzes system performance bottlenecks, is vulnerable to an elevation of privilege vulnerability in Advanced SystemCare Ultimate version 14.2.0.220. A local attacker can exploit this vulnerability by sending a malicious I...

Iobit IOBit Advanced SystemCare 访问控制错误漏洞

Advanced SystemCare Ultimate is a Windows optimization suite from Iobit that analyzes system performance bottlenecks. advanced SystemCare Ultimate version 14.2.0.220 contains an elevation of privilege vulnerability. An attacker can exploit the vulnerability by sending a malicious I/O request pack...

NZXT CAM Privilege Permission and Access Control Issues Vulnerability (CNVD-2020-73166)

NZXT CAM is a performance monitoring software for gaming computers from NZXT USA. The software can be used to manage computer performance, temperature, and devices to ensure that the computer is at optimal performance. NZXT CAM 4.8.0 suffers from a Privilege Permission and Access Control Issues...

CVE-2020-13515

A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause an adversary to obtain elevated privileges. An attacker can send a malicious IRP to trigger this vulnerability...

CVE-2020-13513

A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause increased privileges. Using the IRP 0x9c40a0dc gives a low privilege user direct access to the OUT instruction that...

CVE-2020-13518

An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability...

NZXT CAM Permission License and Access Control Issues Vulnerability

NZXT CAM is a performance monitoring software for gaming computers from NZXT USA. The software can be used to manage computer performance, temperature, and devices to ensure that the computer is at optimal performance. NZXT CAM version 4.8.0 suffers from a Privilege Permission and Access Control...

NZXT CAM 授权问题漏洞

NZXT CAM is a performance monitoring software for gaming computers from NZXT USA. The software can be used to manage computer performance, temperature, and devices to ensure that the computer is at optimal performance. NZXT CAM version 4.8.0 has an authorization issue vulnerability that stems fro...

CVE-2018-3990

An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 Build 2400. A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An...

Xen Denial of Service and Elevation of Privilege Vulnerabilities

Xen is an open source virtual machine monitor developed by the Xen Project. A Denial of Service and Elevation of Privilege vulnerability exists in Xen 4.11, which stems from a failure to properly handle x86 IOREQ server resource accounting for use with external emulators and can be exploited by a...

ALPINE-CVE-2018-19963

An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service host OS crash or possibly gain host OS privileges because x86 IOREQ server resource accounting for external emulators was mishandled...