CLSA-2026-1771010890 freerdp: Fix of 5 CVEs

CVE-2026-22859: fix out-of-bounds access due to missing interface index validation in urbdrc channel - CVE-2026-23732: fix out-of-bounds read due to missing input length check in glyph conversion - CVE-2026-23883: fix integer overflow in cursor pixel allocation and surface-to-surface rectangle...

Security update for kernel-livepatch-MICRO-6-0-RT_Update_8

This update for kernel-livepatch-MICRO-6-0-RTUpdate8 fixes the following issues: CVE-2025-38206: exfat: fix double free in delayedfree bsc1246075 CVE-2025-38396: fs: export anoninodemakesecureinode and fix secretmem LSM bypass bsc1247158 CVE-2025-38471: kernel: tls: always refresh the queue when...

EUVD-2020-1546

Malware in sbrugna...

CVE-2020-0039

In rwi93smupdatendef of rwi93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0...

CLSA-2024-1727692412 kernel: Fix of 5 CVEs

sch/netem: fix use after free in netemdequeue CVE-2024-46800 - VMCI: Fix use-after-free when removing resource in vmciresourceremove CVE-2024-46738 - drm/amdgpu: Fix out-of-bounds read of dfv17channelnumber CVE-2024-46724 - drm/amdgpu: fix ucode out-of-bounds read warning CVE-2024-46723 -...

SUSE CVE-2024-41013

In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfsdir2dataunused and xfsdir2dataentry to make sure don't stray beyond valid memory region. Before patching, the loop simply checks that the start...

CVE-2024-35937

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: check A-MSDU format more carefully If it looks like there's another subframe in the A-MSDU but the header isn't fully there, we can end up reading data out of bounds, only to discard later. Make this a bit more...

CVE-2024-35937

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: check A-MSDU format more carefully If it looks like there's another subframe in the A-MSDU but the header isn't fully there, we can end up reading data out of bounds, only to discard later. Make this a bit more...

CVE-2024-35937

CVE-2024-35937 affects the Linux kernel wifi stack: cfg80211 A-MSDU handling can read data out of bounds if a subframe header appears but is not fully present. The vulnerability root cause is insufficient validation of A-MSDU subframes; the fix tightens checks to ensure a subframe header can actu...

DEBIAN-CVE-2024-26927

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head-fullsize - head-headersize" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add...

CVE-2021-29590

TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting...

FreeRDP Buffer Overflow Vulnerability (CNVD-2020-31410)

FreeRDP is an open source implementation of the Remote Desktop Protocol RDP from the FreeRDP team. A buffer overflow vulnerability exists in the ntlmreadChallengeMessage file in winpr/libwinpr/sspi/NTLM/ntlmmessage.c in versions of FreeRDP prior to 2.1.1. The vulnerability stems from a networked...

NVIDIA Display driver ioctl buffer overflow vulnerability

NVIDIA graphics driver is a graphics driver from NVIDIA, USA. ioctl is one of the input/output control components. A buffer overflow vulnerability exists in ioctl in NVIDIA Display driver Linux versions prior to 295.53. The vulnerability stems from a networked system or product performing...

Buffer Overflow Vulnerability in Multiple NETGEAR Products (CNVD-2020-28244)

NETGEAR D7800 and others are products of NETGEAR, Inc.NETGEAR D7800 is a wireless modem.NETGEAR R7500 is a wireless router.NETGEAR D6100 is a wireless modem.NETGEAR R7500 is a wireless router.NETGEAR R7500 is a wireless router.NETGEAR R7500 is a wireless router.NETGEAR R7500 is a wireless...

CVE-2018-1160

Netatalk before 3.1.12 is vulnerable to an out-of-bounds write in dsi_opensess.c due to missing bounds checking on attacker-controlled data. A remote unauthenticated attacker could achieve arbitrary code execution (potentially with root privileges). Public exploit activity exists (authentication ...

CVE-2018-5378

The Quagga BGP daemon bgpd prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash...

PHP Calendar Extension Remote Integer Overflow Vulnerability

PHP is a widely used general purpose scripting language. A remote integer overflow vulnerability exists in PHP Calendar Extension because it fails to fulfill sufficient bounds checks on user-supplied data. An attacker could exploit this vulnerability to execute arbitrary code in the context of th...