poppler: Out-of-Bounds Read in Poppler
A flaw was found in Poppler. This vulnerability allows out-of-bounds reads via crafted input files that trigger the JBIG2Bitmap::combine function due to a misplaced isOk check...
SUSE CVE-2026-23005
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 When loading guest XSAVE state via KVM_SET_XSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved or to be restored XSTATE_BV...
CVE-2026-23005
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 When loading guest XSAVE state via KVM_SET_XSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved or to be restored XSTATE_BV...
UBUNTU-CVE-2026-23005
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 When loading guest XSAVE state via KVM_SET_XSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved or to be restored XSTATE_BV...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004881)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004881 advisory. In the Linux kernel, the following vulnerability has been resolved: memstick/ms_block: Fix a memory leak 'erased_blocks_bitmap' is never freed. As it is allocated at th...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004838)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004838 advisory. In the Linux kernel, the following vulnerability has been resolved: cxl: Fix a memory leak in an error handling path A bitmap_zalloc must be balanced by a correspondi...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004832)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004832 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers/md/md-bitmap: check the return value of md_bitmap_get_counter Check the return value of...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-35787)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-35787 advisory. - In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix incorrect usag...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38100)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38100 advisory. - In the Linux kernel, the following vulnerability has been resolved: x86/iopl: Cure TIF_IO_BITMAP inconsistenci...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38218)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38218 advisory. - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2019-25160)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-25160 advisory. - In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memo...
Azure Linux 3.0 Security Update: kernel (CVE-2024-56763)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56763 advisory. - In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for...
kernel: Linux kernel: iommufd/iova_bitmap shift-out-of-bounds vulnerability
A flaw was found in the Linux kernel's iommufd/iova_bitmap component. This vulnerability allows a local attacker with low privileges to cause a system crash or denial of service via a shift-out-of-bounds error...
CVE-2026-23876
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder ReadXBMImage allows an attacker to write controlled data past the allocated heap buffer when...
SUSE CVE-2026-23884
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi->drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client-side use after free, causing a crash DoS and...
ImageMagick input validation vulnerability
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-13 and 6.9.13-38 contained a vulnerability related to input validation errors. This vulnerability...
CVE-2026-23884
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit this vulnerability when a client connects to it. Specifically, offscreen bitmap deletion can lead to a use-after-free (UAF) condition, where the client attempts to use memory that has...
CVE-2026-23530
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This vulnerability occurs because the freerdp_bitmap_decompress_planar function does not properly validate bitmap dimensions when decompressing planar bitmap data. A malicious server can exploit this by sending...
CVE-2026-23884
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi->drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash DoS and...