3916 matches found
MiracleLinux 8 : freerdp-2.2.0-10.el8 (AXSA:2023-5972:03)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5972:03 advisory. freerdp: clients using /parallel command line switch might read uninitialized data (CVE-2022-39282); freerdp: clients using the /video command line...
SUSE CVE-2026-22854
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001344)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001344 advisory. An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001596)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001596 advisory. A race condition was found in the Linux kernel's implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004611)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004611 advisory. A race condition was found in the Linux kernel's implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001613)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001613 advisory. The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use an incorrect bounds check in the CDROM...
CVE-2025-13844
CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody...
EUVD-2026-2706
CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody...
Security Bulletin: Improper Drive Name Handling in Node.js path.join on Windows, affects watsonx.data
Summary: A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root...
Schneider Electric EcoStruxure Power Build Rapsody resource management error vulnerability
Schneider Electric EcoStruxure Power Build Rapsody is a power monitoring platform developed by Schneider Electric, a French company. Schneider Electric EcoStruxure Power Build Rapsody has a resource management vulnerability; this vulnerability stems from a double release issue during the import o...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002439)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002439 advisory. The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioc...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003116)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003116 advisory. An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002661)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002661 advisory. The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use an incorrect bounds check in the CDROM...
CVE-2026-22854
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap...
UBUNTU-CVE-2026-22854
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap...
CVE-2026-22854 FreeRDP has a heap-buffer-overflow in drive_process_irp_read
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap...
CVE-2026-22854
CVE-2026-22854 affects FreeRDP prior to 3.20.1 due to a heap-buffer-overflow in the drive_read path when a server-controlled read length writes file data into an IRP output stream buffer without a hard upper bound. This can allow an oversized read to overwrite heap memory. The vulnerability is la...