
2219 matches found

AlpineLinux
added 2026/01/19 5:7 p.m. | views: 1

CVE-2026-23533

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a...

CVSS 9.8 | AI score 6 | EPSS 0.00589
Exploits: 1
EUVD
added 2026/01/19 5:7 p.m. | views: 3

EUVD-2026-3315

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a...

CVSS 8.7 | AI score 5.9 | EPSS 0.00589
Exploits: 1 | References: 4
ATTACKERKB
added 2026/01/19 5:7 p.m. | views: 4

CVE-2026-23533

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a...

CVSS 9.8 | AI score 5.7 | EPSS 0.00589
Exploits: 1 | References: 5 | Affected Software: 1
ATTACKERKB
added 2026/01/19 5:3 p.m. | views: 4

CVE-2026-23532

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP client's gdi_SurfaceToSurface path due to a mismatch between destination rectangle clamping and the actual copy size. A malicious server can trigger a...

CVSS 9.8 | AI score 5.7 | EPSS 0.0057
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2026/01/19 5:3 p.m. | views: 2

CVE-2026-23532 FreeRDP has heap-buffer-overflow in gdi_SurfaceToSurface

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP client's gdi_SurfaceToSurface path due to a mismatch between destination rectangle clamping and the actual copy size. A malicious server can trigger a...

CVSS 8.7 | AI score 6.1 | EPSS 0.0057
Exploits: 1 | References: 5
ATTACKERKB
added 2026/01/19 5:1 p.m. | views: 4

CVE-2026-23531

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when glyphData is present, clear_decompress calls freerdp_image_copy_no_overlap without validating the destination rectangle, allowing an out-of-bounds read/write via crafted RDPGFX surface updates...

CVSS 9.8 | AI score 5.7 | EPSS 0.00582
Exploits: 1 | References: 4 | Affected Software: 1
AlpineLinux
added 2026/01/19 5:1 p.m. | views: 2

CVE-2026-23531

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when glyphData is present, clear_decompress calls freerdp_image_copy_no_overlap without validating the destination rectangle, allowing an out-of-bounds read/write via crafted RDPGFX surface updates...

CVSS 9.8 | AI score 5.9 | EPSS 0.00582
Exploits: 1
ATTACKERKB
added 2026/01/19 4:58 p.m. | views: 4

CVE-2026-23530

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, freerdpbitmapdecompressplanar does not validate nSrcWidth/nSrcHeight against planar-maxWidth/maxHeight before RLE decode. A malicious server can trigger a client-side heap buffer overflow, causing a crash DoS...

CVSS 9.8 | AI score 5.7 | EPSS 0.00601
Exploits: 1 | References: 6 | Affected Software: 1
Tenable Nessus
added 2026/01/19 12:0 a.m. | views: 2

MiracleLinux 7 : wget-1.14-15.el7.1 (AXSA:2017-2381:03)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2017-2381:03 advisory. A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting...

CVSS 9.3 | AI score 9.3 | EPSS 0.79855
Exploits: 3 | References: 3
Tenable Nessus
added 2026/01/19 12:0 a.m. | views: 1

Linux Distros Unpatched Vulnerability : CVE-2026-23532

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP client's...

CVSS 9.8 | AI score 6 | EPSS 0.0057
Exploits: 1 | References: 4
Rockylinux
added 2026/01/17 9:5 a.m. | views: 6

transfig security update

An update is available for transfig. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The transfig utility creates a makefile which translates FIG created by xfig...

CVSS 7.8 | AI score 7.2 | EPSS 0.00251
Exploits: 1
Tenable Nessus
added 2026/01/16 12:0 a.m. | views: 6

MiracleLinux 4 : firefox-52.6.0-1.0.1.AXS4 (AXSA:2018-2539:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-2539:01 advisory. Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or,...

CVSS 9.8 | AI score 8.1 | EPSS 0.07262
Exploits: 0 | References: 12
Tenable Nessus
added 2026/01/16 12:0 a.m. | views: 5

MiracleLinux 4 : nss-3.28.4-4.AXS4 (AXSA:2017-2306:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-2306:02 advisory. A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw ...

CVSS 7.5 | AI score 8.4 | EPSS 0.03153
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/16 12:0 a.m. | views: 3

MiracleLinux 4 : thunderbird-52.3.0-1.AXS4 (AXSA:2017-2023:05)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2017-2023:05 advisory. Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or,...

CVSS 10 | AI score 7.9 | EPSS 0.04187
Exploits: 13 | References: 15
Tenable Nessus
added 2026/01/16 12:0 a.m. | views: 6

MiracleLinux 4 : thunderbird-52.5.2-1.AXS4 (AXSA:2018-2506:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-2506:01 advisory. Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or,...

CVSS 8.8 | AI score 7.6 | EPSS 0.02008
Exploits: 1 | References: 5
CNNVD
added 2026/01/16 12:0 a.m. | views: 4

Flexense DiskPulse Enterprise security vulnerabilities

Flexense DiskPulse Enterprise is a centralized report database server offered by Flexense DiskPulse Corporation. Version 13.6.14 of Flexense DiskPulse Enterprise contains a security vulnerability. This vulnerability stems from the use of service paths without quotes in Windows service...

CVSS 8.5 | AI score 6 | EPSS 0.00214
Exploits: 1 | References: 3
Tenable Nessus
added 2026/01/16 12:0 a.m. | views: 4

MiracleLinux 4 : thunderbird-52.4.0-2.AXS4 (AXSA:2017-2327:06)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2017-2327:06 advisory. Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or,...

CVSS 10 | AI score 8.1 | EPSS 0.03641
Exploits: 3 | References: 8
Debian
added 2026/01/15 7:42 p.m. | views: 5

[SECURITY] [DSA 6101-1] firefox-esr security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6101-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 15, 2026 https://www.debian.org/security/faq -...

CVSS 9.8 | AI score 6.9 | EPSS 0.0055
Exploits: 0
Debian
added 2026/01/15 3:59 a.m. | views: 7

[SECURITY] [DSA 6100-1] chromium security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6100-1 [email protected] https://www.debian.org/security/ Andres Salomon January 14, 2026 https://www.debian.org/security/faq -...

CVSS 9.8 | AI score 7.6 | EPSS 0.00382
Exploits: 0
Tenable Nessus
added 2026/01/15 12:0 a.m. | views: 5

EulerOS 2.0 SP12 : openssl (EulerOS-SA-2026-1096)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and writ...

CVSS 7.5 | AI score 6.7 | EPSS 0.01744
Exploits: 0 | References: 2