896 matches found
CVE-2026-57157
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...
EUVD-2026-43006
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...
CVE-2026-57158
CVE-2026-57158 affects FreeRDP clients using the GFX pipeline (versions 3.21.0–3.27.x) where the fix for CVE-2026-23530 in planar_decompress_plane_rle_only was incomplete. A malicious RDP server could send a truncated RDPGFX_CMDID_WIRETOSURFACE_1 planar payload that reads one byte past the input ...
CVE-2026-57257
CVE-2026-57257 impacts Foxit PDF Editor/Reader (PRC 3D BRep Renderer). During PRC parsing, there is a boundary-verification flaw for the PRC entity index, causing an out-of-bounds read of the entity array and resulting in a crash. CVSS: 6.1 (Local, Low attack complexity, User interaction required...
OESA-2026-2845 perl security update
Perl 5 is a highly capable, feature-rich programming language with over 30 years of development. Perl 5 runs on over 100 platforms from portables to mainframes and is suitable for both rapid prototyping and large scale development projects. Security Fixes: Socket versions before 2.041 for Perl ha...
OESA-2026-2843 perl security update
Perl 5 is a highly capable, feature-rich programming language with over 30 years of development. Perl 5 runs on over 100 platforms from portables to mainframes and is suitable for both rapid prototyping and large scale development projects. Security Fixes: Socket versions before 2.041 for Perl ha...
CVE-2026-56015
CVE-2026-56015 affects Net::IP::LPM v1.10 and earlier for Perl, enabling a heap out-of-bounds read when adding prefixes with unbounded lengths. The bug arises in addPrefixToTrie() which walks the prefix buffer by prefix_length bits without verifying it against the address width (4 bytes IPv4, 16 ...
dnsmasq: RRSIG rdlen underflow leading to heap OOB read
A heap out-of-bounds read vulnerability was discovered in dnsmasq's DNSSEC validation. When processing RRSIG records, dnsmasq calculates the signature length by subtracting the fixed field size from the record's declared data length. A crafted RRSIG record with a data length smaller than the fixe...
Linux Distros Unpatched Vulnerability : CVE-2026-12892
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NA...
SUSE-SU-2026:22382-1 Security update for giflib
This update for giflib fixes the following issue - CVE-2026-26740: heap out-of-bounds read when processing a specially crafted GIF file containing a GCE block with a truncated extension byte count bsc1259836...
CVE-2026-12340
Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of the public key without checking that the key is at least that long. A public key shorter than 65...
CVE-2026-12340 Out-of-bounds heap read in SM2/SM3 certificate Subject Key Identifier computation
Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of the public key without checking that the key is at least that long. A public key shorter than 65...
CVE-2026-12340
Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of the public key without checking that the key is at least that long. A public key shorter than 65...
EUVD-2026-39547
Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of the public key without checking that the key is at least that long. A public key shorter than 65...
CVE-2026-12340
The CVE-2026-12340 issue is a concrete out-of-bounds heap read during SM2/SM3 certificate verification. Specifically, when parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier is computed by reading the trailing 65 bytes of the public key without verifying the key length fi...
Astra Linux – Vulnerability in libssh
A flaw was discovered in libssh, where a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed ‘longname’ field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond the allocated memory on the heap. Thi...
CVE-2026-9539 libslirp TCP URG OOB Read Information Leak
An out-of-bounds heap read and integer underflow in the TCP urgent data handling sosendoob in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments e.g., QEMU allows a privileged guest VM attacker root or CAPNETRAW to leak gigabytes of sensitive host-process heap memory v...
CVE-2026-9539
An out-of-bounds heap read and integer underflow in the TCP urgent data handling sosendoob in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments e.g., QEMU allows a privileged guest VM attacker root or CAPNETRAW to leak gigabytes of sensitive host-process heap memory v...
EUVD-2026-38654
An out-of-bounds heap read and integer underflow in the TCP urgent data handling sosendoob in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments e.g., QEMU allows a privileged guest VM attacker root or CAPNETRAW to leak gigabytes of sensitive host-process heap memory v...
DEBIAN-CVE-2026-12892
A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing. This happens when the parser attempts to check slice boundary...