9 matches found
CVE-2026-22855
CVE-2026-22855 affects FreeRDP prior to version 3.20.1, where a heap-out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. The vulnerability is fixed in FreeRDP 3.20.1. Impact per available data includes high confidentiality/availabi...
CVE-2026-22855 FreeRDP has a heap-buffer-overflow in smartcard_unpack_set_attrib_call
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414326)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414326 advisory. In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. Tenable has extracted the preceding description block directly from th...
CVE-2024-50246
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add rough attr alloc_size check...
CVE-2023-47488
Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page...
Combodo iTop Cross-Site Scripting Vulnerability
Combodo iTop is an open source, ITIL-based web application from the French company Combodo for the daily operation of IT environments. The program provides incident management, configuration management, problem management and other functions. A cross-site scripting vulnerability...
SUSE CVE-2009-4901
The MSGFunctionDemarshall function in winscardsvc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read...
Nmap NSE net: ldap-search
Attempts to perform an LDAP search and returns all matches. If no username and password are supplied to the script, the Nmap registry is consulted. If the ldap-brute script has been selected and it found a valid account, this account will be used. If not, anonymous bind will be used as a last...
pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages
The MSGFunctionDemarshall function in winscardsvc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read...