486079 matches found
ROS-20260611-73-0012
The vulnerability of the cleardecompressresidualdata function in the RDP client FreeRDP is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service failures...
ROS-20260611-73-0011
The vulnerability of the cleardecompressresidualdata function in the RDP client FreeRDP is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service failures...
ROS-20260611-73-0006
The vulnerability of the planardecompressplanerle function in the FreeRDP RDP client is related to buffer overflow in the dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service failure...
ROS-20260611-73-0008
The vulnerability of the gdiSurfaceToSurface function in the RDP client of FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service interruptions...
ROS-20260611-73-0007
The vulnerability of the gdiSurfaceToSurface function in the RDP client of FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service interruptions...
ROS-20260611-73-0001
The vulnerability of the URBDRC RDP-client-freeRDP device lies in unvalidated array indexing. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause service failures...
ROS-20260611-73-0002
The vulnerability of the URBDRC RDP-client-freeRDP device lies in unvalidated array indexing. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause service failures...
ROS-20260611-73-0026
The vulnerability in freerdp3 is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
ROS-20260611-73-0025
The vulnerability in freerdp is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
ROS-20260611-73-0018
The vulnerability of the updatepointernew function in the RDP client FreeRDP relates to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code and cause service failures...
ROS-20260611-73-0010
The vulnerability of the cleardecompress function in the RDP client FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service failures...
ROS-20260611-73-0030
The vulnerability in freerdp3 is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Malicious code in zer0onedatetool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73fd05fda74bbf13c6275d4da0fa80fece821cad03fb2237ae74ed24309eab52 The postinstall lifecycle script in this package issues curl POST requests to a subdomain of oastify.com — the out-of-band callback domain operated b...
MAL-2026-5534 Malicious code in @thomlecter1122/lab-helper-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75adb75a0025882efbcde3ddd88882aaaedfd692425222eda99c148096f1f58a The package ships a postinstall lifecycle script seccheck.js that fires automatically on npm install. The script first checks whether the host has a...
CVE-2026-52726
Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...
CVE-2026-50223
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...
CVE-2026-46703
Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in...
CVE-2026-42305
Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...
UBUNTU-CVE-2026-52726
Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the porcelain.submoduleupdate module when handling attacker-controlled submodule paths from a crafted upstream repository without proper path validation. An attacker can achieve arbitrary code execution by crafti...