5248 matches found
freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId
A heap based buffer overflow flaw has been discovered in FreeRDP. This client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to maxCells,...
SUSE CVE-2026-43445
In the Linux kernel, the following vulnerability has been resolved: e1000/e1000e: Fix leak in DMA error cleanup If an error is encountered while mapping TX buffers, the driver should unmap any buffers already mapped for that skb. Because count is incremented after a successful mapping, it will...
security-skills
Security Skills Security Skills is a Hermes Agent skill pack...
freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId
A heap based buffer overflow flaw has been discovered in FreeRDP. This client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to maxCells,...
fast-xml-builder 安全漏洞
fast-xml-builder is an open-source building tool developed by Natural Intelligence that converts JSON data into XML format. Versions of fast-xml-builder prior to 1.1.7 contained security vulnerabilities. These vulnerabilities occurred when input data contained quotes in attribute values, and enti...
freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId
A heap based buffer overflow flaw has been discovered in FreeRDP. This client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to maxCells,...
SUSE CVE-2025-71297
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: 8822b: Avoid WARNING in rtw8822bconfigtrxmode rtw8822bsetantenna can be called from userspace when the chip is powered off. In that case a WARNING is triggered in rtw8822bconfigtrxmode because trying to read the RF...
freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId
A heap based buffer overflow flaw has been discovered in FreeRDP. This client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to maxCells,...
freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId
A heap based buffer overflow flaw has been discovered in FreeRDP. This client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to maxCells,...
CVE-2025-71297
A flaw was found in the Linux kernel's rtw88 and rtw8822b WiFi drivers. A local user can trigger a kernel warning by invoking the rtw8822bsetantenna function when the WiFi chip is powered off. This improper state handling leads to the driver attempting to read radio frequency RF registers,...
EUVD-2026-28751
In the Linux kernel, the following vulnerability has been resolved: e1000/e1000e: Fix leak in DMA error cleanup If an error is encountered while mapping TX buffers, the driver should unmap any buffers already mapped for that skb. Because count is incremented after a successful mapping, it will...
CVE-2026-43445
In the Linux kernel, the following vulnerability has been resolved: e1000/e1000e: Fix leak in DMA error cleanup If an error is encountered while mapping TX buffers, the driver should unmap any buffers already mapped for that skb. Because count is incremented after a successful mapping, it will...
UBUNTU-CVE-2026-43445
In the Linux kernel, the following vulnerability has been resolved: e1000/e1000e: Fix leak in DMA error cleanup If an error is encountered while mapping TX buffers, the driver should unmap any buffers already mapped for that skb. Because count is incremented after a successful mapping, it will...
CVE-2026-43445
In the Linux kernel, the following vulnerability has been resolved: e1000/e1000e: Fix leak in DMA error cleanup If an error is encountered while mapping TX buffers, the driver should unmap any buffers already mapped for that skb. Because count is incremented after a successful mapping, it will...
CVE-2026-43445 e1000/e1000e: Fix leak in DMA error cleanup
In the Linux kernel, the following vulnerability has been resolved: e1000/e1000e: Fix leak in DMA error cleanup If an error is encountered while mapping TX buffers, the driver should unmap any buffers already mapped for that skb. Because count is incremented after a successful mapping, it will...
CVE-2026-43445
CVE-2026-43445 is a Linux kernel vulnerability in the e1000/e1000e drivers (and potentially igbvf) where a DMA mapping error cleanup leak could occur. The root cause was an off-by-one condition in the dma_error path: count was decremented before the loop, so if any TX buffer mappings succeeded be...
CVE-2026-43445
In the Linux kernel, the following vulnerability has been resolved: e1000/e1000e: Fix leak in DMA error cleanup If an error is encountered while mapping TX buffers, the driver should unmap any buffers already mapped for that skb. Because count is incremented after a successful mapping, it will...
UBUNTU-CVE-2025-71297
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: 8822b: Avoid WARNING in rtw8822bconfigtrxmode rtw8822bsetantenna can be called from userspace when the chip is powered off. In that case a WARNING is triggered in rtw8822bconfigtrxmode because trying to read the RF...
CVE-2026-37457
A flaw was found in FRRouting FRR. A remote attacker can exploit an off-by-one out-of-bounds write vulnerability in the bgpflowspecopdecode function by supplying a specially crafted FlowSpec component. This issue can lead to a Denial of Service DoS. Mitigation Red Hat has investigated whether a...
CLSA-2026-1778174671 cyrus-sasl: Fix of CVE-2019-19906
CVE-2019-19906: fix off-by-one in sasladdstring lib/common.c that could cause denial of service or information disclosure via crafted input...