Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Do not check if plane-state-fb == state-fb Currently, when using non-blocking commits, the following kernel warning is observed: 110.908514 ------------ Cut here ------------ 110.908529 refcountt: Underflow; Use after...

CLSA-2026-1778879662 samba: Fix of CVE-2023-42669

CVE-2023-42669: disable rpcecho server by default; rpcecho allowed a blocking sleep in the single-threaded rpc worker, enabling a DoS...

curl: libssh SFTP initialization ignores CURLOPT_TIMEOUT, hangs indefinitely

Hi all, The libssh backend in lib/vssh/libssh.c ignores CURLOPTTIMEOUT / --max-time during SFTP subsystem negotiation. A server that completes SSH authentication and then stalls before answering the SSHFXPINIT packet will pin the curl process indefinitely — no timeout fires, no error is returned,...

SUSE CVE-2026-44296

Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service DoS vulnerability affects Deskflow servers running with TLS enabled the default. When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS...

freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The StreamEnsureCapacity function can create an endless blocking loop, leading to a Denial of Service DoS. This vulnerability can be exploited on 32-bit systems where the available physical memory is greater than o...

freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The StreamEnsureCapacity function can create an endless blocking loop, leading to a Denial of Service DoS. This vulnerability can be exploited on 32-bit systems where the available physical memory is greater than o...

freerdp security update

An update is available for freerdp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...

freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The StreamEnsureCapacity function can create an endless blocking loop, leading to a Denial of Service DoS. This vulnerability can be exploited on 32-bit systems where the available physical memory is greater than o...

RHEL 9 : freerdp (RHSA-2026:16866)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16866 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The StreamEnsureCapacity function can create an endless blocking loop, leading to a Denial of Service DoS. This vulnerability can be exploited on 32-bit systems where the available physical memory is greater than o...

EUVD-2026-29390

An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections...

ALSA-2026:16482 Moderate: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP: Denial of service due to use-after-free vulnerability...

Moderate: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP: Denial of service due to use-after-free vulnerability...

Unity Linux 20.1060e / 20.1070e Security Update: tomcat (UTSA-2026-017427)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017427 advisory. Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenS...

SUSE CVE-2026-43265

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ignore -EBUSY when checking nested events from vcpublock Ignore -EBUSY when checking nested events after exiting a blocking state while L2 is active, as exiting to userspace will generate a spurious userspace exit,...

PT-2026-38474

Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger...

CVE-2026-43265

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM for x86 architectures. A local user or a malicious guest operating system could manipulate the virtual CPU vCPU state by injecting events while the vCPU is in a blocking state. This could lead to a spurious exit to userspace,...

EUVD-2026-27806

In the Linux kernel, the following vulnerability has been resolved: ntfs: -dcompare must not block ... so don't use getname there. Switch it and ntfsdhash, while we are at it to kmallocPATHMAX, GFPNOWAIT. Yes, ntfsdhash almost certainly can do with smaller allocations, but let ntfs folks deal wit...

CVE-2026-43265 KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block()

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ignore -EBUSY when checking nested events from vcpublock Ignore -EBUSY when checking nested events after exiting a blocking state while L2 is active, as exiting to userspace will generate a spurious userspace exit,...

CVE-2026-43245

CVE-2026-43245 affects the Linux kernel NTFS driver. The root cause is that ntfs: ->d_compare() could block, with related memory-allocation issues in names_cachep. The authenticated fixes switch critical paths to non-blocking allocations: use kmalloc(PATH_MAX, GFP_NOWAIT) for the path/name han...