OESA-2026-2565 libvncserver security update

libvncserver is a set of programs using the RFB Remote Frame Buffer protocol. They are designed to "export" a frame buffer via net: you set up a server and can connect to it via VNC viewers. If the server supports WebSockets which LibVNCServer does, you can also connect using an in-browser VNC...

CVE-2026-32853 LibVNCServer UltraZip Encoding Heap Out-of-bounds Read

LibVNCServer versions 0.9.15 and prior fixed in commit 009008e contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking in the...

CVE-2025-49012 Himmelblau's Name-Based Group Matching in `pam_allow_groups` Leads to Potential Security Bypass

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha are vulnerable to a privilege escalation issue when Entra ID group-based access restrictions are configured using group display names instead of object IDs...

DEBIAN-CVE-2013-1802

The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML typ...

security flaw

The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service process crash via a handle without a policy name, which causes a null dereference...

CVE-2003-0925

Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string...