SUSE CVE-2026-22853

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR's NDR array reader does not perform bounds checking on the on-wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndrreaduint8Array. This vulnerabilit...

MiracleLinux 7 : firefox-60.1.0-5.0.1.el7 (AXSA:2018-3259:05)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3259:05 advisory. Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 CVE-2018-5188 Mozilla: Buffer overflow using computed size o...

CVE-2026-22853

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndrreaduint8Array. This vulnerabilit...

CVE-2026-22853 FreeRDP has a heap-buffer-overflow in ndr_read_uint8Array

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndrreaduint8Array. This vulnerabilit...

CVE-2026-22853

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndrreaduint8Array. This vulnerabilit...

CVE-2026-22853

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndrreaduint8Array. This vulnerabilit...

MiracleLinux 4 : nspluginwrapper-1.4.4-1.AXS4 (AXSA:2012-1033:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-1033:01 advisory. nspluginwrapper makes it possible to use Netscape 4 compatible plugins compiled for x8664 into Mozilla for another architecture, e.g. x8664. This package...

Security Bulletin: Uncontrolled Resource Consumption Vulnerability in Apache Commons IO XmlStreamReader, affects watsonx.data

Summary Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended ...

CVE-2023-29887

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter...

CVE-2018-21236

An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference...

CVE-2018-14442

Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs...

CVE-2018-18688

The Portable Document Format PDF specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or...

CVE-2018-19446

A File Write can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031 when the JavaScript API Doc.createDataObject is used. An attacker can leverage this to gain remote code execution...

CVE-2018-19347

The u3d plugin 9.3.0.10809 aka plugins\U3DBrowser.fpi in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service out-of-bounds read or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting...

CVE-2018-19341

The u3d plugin 9.3.0.10809 aka plugins\U3DBrowser.fpi in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service out-of-bounds read or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at...

CVE-2018-19448

In Foxit Reader SDK ActiveX Professional 5.4.0.1031, an uninitialized object in IReaderContentProvider::GetDocEventHandler occurs when embedding the control into Office documents. By opening a specially crafted document, an attacker can trigger an out of bounds write condition, possibly leveragin...

CVE-2018-19345

The u3d plugin 9.3.0.10809 aka plugins\U3DBrowser.fpi in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service out-of-bounds read or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at...

CVE-2018-19444

A use after free in the TextBox field Validate action in IReaderContentProvider can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19452, this has a different free locatio...

CVE-2018-19450

A command injection can occur for specially crafted PDF files in Foxit Reader SDK ActiveX 5.4.0.1031 when parsing a launch action. An attacker can leverage this to gain remote code execution...

CVE-2018-19342

The u3d plugin 9.3.0.10809 aka plugins\U3DBrowser.fpi in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service out-of-bounds read or obtain sensitive information via a U3D sample because of a "Read Access Violation starting at...