1577 matches found
freerdp: FreeRDP: Remote code execution via heap-buffer-overflow in gdi_CacheToSurface
A flaw was found in FreeRDP.If a user connects to a malicious Remote Desktop RDP server, a security flaw in FreeRDP could cause the application to crash or allow the server to run unauthorized code on the user's system...
ROS-20260707-73-0014
The vulnerability of the gdiCacheToSurface function in the RDP client FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause a service failure by sending specially crafted RDPGFX packets...
CVE-2026-46584
CVE-2026-46584 affects Apache Camel’s Mail component. The MailProducer.getSender could read headers from the mail.smtp/mail.smtps namespace and apply them as JavaMail session properties, overriding endpoint config. This allows attacker-controlled inputs to influence SMTP parameters if untrusted i...
EUVD-2026-40699
Out of bounds read in SurfaceCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-14011
Out of bounds read in SurfaceCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-14011
The affected component is Google Chrome (SurfaceCapture) with an out-of-bounds read vulnerability in versions prior to 150.0.7871.47. The issue could allow a remote attacker to read memory via a crafted HTML page. Severity is described as Medium by Chromium, with CVSS-driven impact: Confidentiali...
CVE-2026-14011
Out of bounds read in SurfaceCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...
PT-2026-54287
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An out of bounds read exists in SurfaceCapture, which allows a remote attacker to perform an out of bounds memory read by using a crafted HTML page. An out of bounds read occurs when th...
PYSEC-2026-438 OpenViking: Unauthenticated remote bot control via OpenAPI HTTP routes
OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...
PYSEC-2026-494 Excessive Attack Surface in pyload-ng
Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...
CVE-2025-59868 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to sensitive data exposure
HCL Traveler for Microsoft Outlook HTMO is susceptible to a sensitive data exposure vulnerability which could allow an attacker to exploit application information to then attempt additional attacks and cause unknown behavior in the application...
EUVD-2026-38060
js-toml vulnerable to CPU exhaustion via On^2 BigInt construction on radix-prefixed integer literals...
MAL-2026-6535 Malicious code in disksweep (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31a2c10aba7f3468458529214868e2d8acd9717eb7985c47ab10cf4aed64f87c The package ships a 2.9 MB Windows PE32+ executable at bin/native/parser.node sha256 b1aace6c70312a39ca39e6bba1d9abc6aaf9b23171089b1a548adc89f67f83c3...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server could trigger a heap buffer overflow in FreeRDP clients by using the GDI surface pipeline e.g., xfreerdp to send an RDPGFX ClearCodec surface command with an out-of-bounds destination...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfAppUpdateWindowFromSurface reused a cached XImage, where the data pointer referred to an RDPGFX surface buffer that had been freed. This was because gdiDeleteSurface freed surface-data without invalidating...
ROS-20260624-73-0009
The vulnerability of the gdisurfacebits function in the RDP client of FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Astra Linux – Vulnerability in libsdl1.2
SDL Simple DirectMediaLayer from version 1.2.15 to 2.x, and from 2.0.9 to 2.0.9, has a heap-based buffer overflow issue in the SDLFillRect function within the video/SDLsurface.c file...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm: khugepaged: skip huge page collapse for special files The read-only THP for file systems will collapse the THP for files that are opened in read-only mode and mapped with VMEXEC. The intended use case is to avoid TLB misses f...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add a missing call to ssamrequestsyncfree Although rare, ssamrequestsyncinit can fail. In that case, the request should be freed using ssamrequestsyncfree. Currently, the request is instead leaked. F...
Astra Linux – Vulnerability in WebKit2GTK
In WebKitGTK before 2.32.4, there is an incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, which leads to a segmentation violation and an application crash. This is a different vulnerability than CVE-2021-30889...