2219 matches found
DD-WRT security vulnerabilities
DD-WRT is an open-source alternative firmware based on Linux, developed by DD-WRT. It is suitable for various WLAN routers and embedded systems. Version DD-WRT 45723 contains a security vulnerability, which stems from a buffer overflow in the UPNP network discovery service. This vulnerability cou...
Improper Handling Of Unsafe Deserialization
fickling is vulnerable to improper handling of unsafe deserialization. The vulnerability is due to Fickling not treating Python’s cProfile module as unsafe, which results in malicious pickles using cProfile.run being misclassified as SUSPICIOUS instead of OVERTLYMALICIOUS, allowing an attacker to...
SUSE CVE-2026-23534
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a...
MiracleLinux 8 : openjpeg2-2.4.0-4.el8 (AXSA:2021-2593:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2593:01 advisory. openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor CVE-2020-15389 openjpeg...
MiracleLinux 8 : gnupg2-2.2.20-4.el8_10 (AXSA:2026-045:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-045:02 advisory. GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write CVE-2025-68973 Tenable has extracted the preceding...
CVE-2026-23884
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash DoS and...
CVE-2026-23533
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a...
CVE-2026-23534
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a...
CVE-2026-23534
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a...
CVE-2026-23533
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a...
CVE-2026-23884 Heap-use-after-free in gdi_set_bounds
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash DoS and...
CVE-2026-23884 Heap-use-after-free in gdi_set_bounds
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash DoS and...
CVE-2026-23531
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when glyphData is present, cleardecompress calls freerdpimagecopynooverlap without validating the destination rectangle, allowing an out-of-bounds read/write via crafted RDPGFX surface updates...
CVE-2026-23531
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when glyphData is present, cleardecompress calls freerdpimagecopynooverlap without validating the destination rectangle, allowing an out-of-bounds read/write via crafted RDPGFX surface updates...
UBUNTU-CVE-2026-23532
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP client’s gdiSurfaceToSurface path due to a mismatch between destination rectangle clamping and the actual copy size. A malicious server can trigger a...
CVE-2026-23534 FreeRDP has heap-buffer-overflow in clear_decompress_bands_data
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a...
CVE-2026-23534
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a...
CVE-2026-23534
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a...
CVE-2026-23533 FreeRDP has heap-buffer-overflow in clear_decompress_residual_data
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a...
CVE-2026-23533
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a...