RockyLinux 9 : libarchive (RLSA-2026:8510)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:8510 advisory. libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing CVE-2026-4424 libarchive: libarchive: Arbitrary code...

CVE-2026-40347

Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary...

DEBIAN-CVE-2026-32624

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domainuserseparator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain...

CVE-2026-32624 xrdp: Heap buffer overflow in xrdp_sec_process_logon_info() via incorrect g_strncat length calculation

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domainuserseparator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain...

CVE-2026-32624

CVE-2026-32624 affects xrdp (open source RDP server) up to version 0.10.5. A heap-based buffer overflow can occur in logon processing when domain_user_separator is configured in xrdp.ini, allowing an unauthenticated remote attacker to send a crafted, excessively long username and domain name to o...

EUVD-2026-23506

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domainuserseparator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain...

CVE-2026-32624

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domainuserseparator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain...

CVE-2026-32624

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domainuserseparator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain...

CVE-2026-32624 xrdp: Heap buffer overflow in xrdp_sec_process_logon_info() via incorrect g_strncat length calculation

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domainuserseparator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain...

CVE-2026-21733

Vulnerability in Imagination Technologies Graphics DDK on Linux, Android -- RESERVED...

CVE-2026-21733

CVE-2026-21733 concerns a vulnerability in Imagination Technologies’ GPU driver where software running as a non-privileged user can perform improper GPU system calls due to incorrect handling of GPU memory reservation protections. The root cause is described as improper handling of GPU memory res...

Chromium: CVE-2026-6302 Use after free in Video

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

OESA-2026-1942 libarchive security update

is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use . Security...

OESA-2026-1916 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

CVE-2026-6507 Dnsmasq: dnsmasq: denial of service due to out-of-bounds write in dhcp bootreply processing

A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY Bootstrap Protocol Reply packet to a dnsmasq server configured with the --dhcp-split-relay option. This can lead to memory corruption, causing the dnsmasq...

CVE-2026-6507 Dnsmasq: dnsmasq: denial of service due to out-of-bounds write in dhcp bootreply processing

A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY Bootstrap Protocol Reply packet to a dnsmasq server configured with the --dhcp-split-relay option. This can lead to memory corruption, causing the dnsmasq...

CVE-2026-6507

dnsmasq is affected by CVE-2026-6507 due to an out-of-bounds write in DHCP BOOTREPLY processing when configured with --dhcp-split-relay. This can allow a remote attacker to crash the dnsmasq daemon, causing DoS. Remediation: remove the --dhcp-split-relay option from the dnsmasq configuration and ...

USN-8184-1: Linux kernel (Real-time) vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

PT-2026-33499

Name of the Vulnerable Software and Affected Versions xrdp versions prior to 0.10.6 Description A heap-based buffer overflow exists in the logon processing of this open source RDP server. When the domain user separator is configured in the 'xrdp.ini' file, an unauthenticated remote attacker can...

xrdp 安全漏洞

XRDPT is an open-source remote desktop protocol server developed by Neutrinolabs. Versions of XRDPT prior to 0.10.5 contain security vulnerabilities. These vulnerabilities stem from heap-based buffer overflows during login processing, which may lead to memory corruption, denial-of-service attacks...