2571 matches found
CVE-2026-57076
A flaw was found in YAML::Syck. An attacker could exploit a heap use-after-free vulnerability by providing a specially crafted YAML document that reuses an anchor name as an anchors-table key. This flaw causes the software to read freed heap memory, which may lead to information disclosure or...
Security update for nasm (low)
openSUSE security update: security update for nasm ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21333-1 Rating: low References: bsc1261985 bsc1261986 Cross-References: CVE-2026-6067 CVE-2026-6068 CVSS scores: CVE-2026-6067 SUSE : 3.3...
openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()
A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...
CVE-2026-61857
A flaw was found in ImageMagick. This vulnerability allows a remote attacker to cause the application to crash. The issue stems from improper handling of XMP Extensible Metadata Platform profiles within image files. By crafting a malicious image with specially designed XMP data, an attacker can...
DEBIAN-CVE-2026-61857
ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes...
UBUNTU-CVE-2026-61857
ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes...
CVE-2026-61857 ImageMagick before 7.1.2-26 Heap Use-After-Free via XMP
ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes...
CVE-2026-61857 ImageMagick before 7.1.2-26 Heap Use-After-Free via XMP
ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes...
OESA-2026-2885 util-linux security update
The util-linux package contains a random collection of files that implements some low-level basic linux utilities. Security Fixes: A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw point...
Linux Distros Unpatched Vulnerability : CVE-2026-56297
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcmanchannelclose and dvcmancallonreceive due to improper synchronization of channelcallback...
CVE-2026-56000
Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent pointing into potentially reallocated memory...
CVE-2026-56000 xorg-x11-server / xwayland GLX contextTags Use-After-Free in CommonMakeCurrent()
Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent pointing into potentially reallocated memory...
CVE-2026-56000
Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent pointing into potentially reallocated memory...
CVE-2026-56000
Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent pointing into potentially reallocated memory...
RockyLinux 10 : freerdp (RLSA-2026:36203)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:36203 advisory. freerdp: FreeRDP: Remote code execution via heap-buffer-overflow in gdiCacheToSurface CVE-2026-40033 freerdp: FreeRDP: Arbitrary code execution or deni...
PT-2026-56335
Name of the Vulnerable Software and Affected Versions xorg-server versions prior to 21.2.24 xwayland versions prior to 24.1.13 Description Local attackers with an X connection can cause a Heap Use After Free, a condition where the system continues to use a memory address after it has been freed,...
openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()
A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...
Important: Red Hat Security Advisory: compat-openssl10 security update
An update for compat-openssl10 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...
RHEL 10 : freerdp (RHSA-2026:36203)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:36203 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...
ALSA-2026:36215 Important: compat-openssl10 security update
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1. Security Fixes: openssl: Heap...