64 matches found
SUSE CVE-2026-26965
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, planardecompressplanerle writes into pDstData at nYDst+y nDstStep + 4nXDst + nChannel without verifying that nYDst+nSrcHeight fits in the destination height or that...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are vulnerable to a Out-of-Bounds Read vulnerability in the nscrledecompressdata function. The Out-of-Bounds Read vulnerability occurs because the function processes...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: gitea-fips, k9s-fips, rancher-fleet-fips, gitleaks, kubernetes-csi-driver-nfs-fips, regclient-fips, kube-conformance, flux-source-controller, prometheus-podman-exporter-fips, envoy-gateway, datadog-agent-fips, flux-source-watcher, aws-flb-firehose, kubevela-fips,...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: gitea-fips, k9s-fips, rancher-fleet-fips, gitleaks, kubernetes-csi-driver-nfs-fips, regclient-fips, kube-conformance, flux-source-controller, prometheus-podman-exporter-fips, envoy-gateway, datadog-agent-fips, flux-source-watcher, aws-flb-firehose, kubevela-fips,...
Oracle Linux 8 : freerdp (ELSA-2026-6918)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6918 advisory. 2:2.11.7-6 - Fix use of nscprocessmessage Resolves: RHEL-155984 2:2.11.7-5 - Backport several CVE fixes Resolves: RHEL-147954, RHEL-147955, RHEL-147970...
freerdp security update
2:2.11.7-6 - Fix use of nscprocessmessage Resolves: RHEL-155984 2:2.11.7-5 - Backport several CVE fixes Resolves: RHEL-147954, RHEL-147955, RHEL-147970, RHEL-147977, RHEL-147980 Resolves: RHEL-148002, RHEL-148014, RHEL-148031, RHEL-148906, RHEL-148996 Resolves: RHEL-149007, RHEL-149056, RHEL-1559...
freerdp security update
2:3.10.3-5.5 - Fix use of nscprocessmessage - Increase timeout for TestSynchCritical Resolves: RHEL-155979 2:3.10.3-5.4 - Backport several CVE fixes Resolves: RHEL-147948, RHEL-147949, RHEL-147956, RHEL-147963, RHEL-147964 Resolves: RHEL-147972, RHEL-147979, RHEL-147984, RHEL-147985, RHEL-148898...
Oracle Linux 10 : freerdp (ELSA-2026-6799)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6799 advisory. 2:3.10.3-5.5 - Fix use of nscprocessmessage - Increase timeout for TestSynchCritical Resolves: RHEL-155979 2:3.10.3-5.4 - Backport several CVE fixes...
freerdp security update
2:2.11.7-1.5 - Fix use of nscprocessmessage Resolves: RHEL-155993 2:2.11.7-1.4 - Backport several CVE fixes Resolves: RHEL-148046, RHEL-148049, RHEL-148054, RHEL-148061, RHEL-148079 Resolves: RHEL-148094, RHEL-148096, RHEL-148104, RHEL-148939, RHEL-149029 Resolves: RHEL-149042, RHEL-149065,...
Oracle Linux 9 : freerdp (ELSA-2026-6340)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6340 advisory. 2:2.11.7-1.5 - Fix use of nscprocessmessage Resolves: RHEL-155993 2:2.11.7-1.4 - Backport several CVE fixes Resolves: RHEL-148046, RHEL-148049,...
CLSA-2026-1774277303 freerdp: Fix of CVE-2026-31806
CVE-2026-31806: Fix heap buffer overflow in nscprocessmessage...
Important: freerdp
Issue Overview: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline e.g., xfreerdp by sending an RDPGFX ClearCodec surface command with an out-of-bound...
CVE-2026-26955
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...
CVE-2026-26965
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, planardecompressplanerle writes into pDstData at nYDst+y nDstStep + 4nXDst + nChannel without verifying that nYDst+nSrcHeight fits in the destination height or that...
CVE-2026-26955
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline e.g., xfreerdp by sending an RDPGFX ClearCodec surface command with an out-of-bounds destination...
CVE-2026-1814
Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword method. When updating legacy keystore passwords, the application generates a new password with insufficient length 7-12 characters and a static prefix...
CVE-2026-1814
Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword method. When updating legacy keystore passwords, the application generates a new password with insufficient length 7-12 characters and a static prefix...
PT-2026-22018
Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.23.0 Description FreeRDP is a free implementation of the Remote Desktop Protocol. A flaw exists in the RLE planar decode path within the planar decompress plane rle function, where it writes to memory without proper...
EUVD-2024-29874
Malicious code in bioql PyPI...
CVE-2023-3965
The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...