
8 matches found

SUSE Linux
added 2026/04/27 12:6 p.m., 2 views

Security update for freerdp

This update for freerdp fixes the following issues: CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU bsc1258919. CVE-2026-25942: Global-buffer-overflow in xf_rail_server_execute_result bsc1258920. CVE-2026-25952: Heap-use-after-free in xfSetWindowMinMaxInfo...

CVSS: 8.2, AI score: 5.7, EPSS: 0.00164
Exploits: 13, References: 58
OSV
added 2026/04/27 12:5 p.m., 2 views

SUSE-SU-2026:1633-1 Security update for freerdp

This update for freerdp fixes the following issues: - CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU bsc1258919. - CVE-2026-25942: Global-buffer-overflow in xf_rail_server_execute_result bsc1258920. - CVE-2026-25952: Heap-use-after-free in...

CVSS: 9.8, AI score: 5, EPSS: 0.00164
Exploits: 15, References: 35
CVE
added 2026/02/25 8:1 p.m., 9 views

CVE-2026-25942

FreeRDP is affected prior to 3.23.0. The vulnerability occurs in xf_rail_server_execute_result, which uses an unchecked execResult value from the server to index the global error_code_names[] array (size 7, indices 0–6). An execResult of 7 or greater allows an out-of-bounds read. The issue is fix...

CVSS: 7.5, AI score: 5.4, EPSS: 0.00147
Exploits: 1, References: 6, Affected Software: 1
OSV
added 2025/06/03 4:15 p.m., 1 views

CVE-2025-45854

/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams...

CVSS: 10, AI score: 6.2
Exploits: 0, References: 3
NVD
added 2023/04/18 10:15 p.m., 9 views

CVE-2023-29410

A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided over HTTP for the server to execute...

CVSS: 8.8, AI score: 7.6, EPSS: 0.00464
Exploits: 0, References: 1
Cvelist
added 2019/12/17 2:17 p.m., 11 views

CVE-2019-19745

Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server...

AI score: 8.8, EPSS: 0.00452
Exploits: 0, References: 2
RedhatCVE
added 2016/06/14 8:18 a.m., 35 views

CVE-2016-4971

It was found that wget used a file name provided by the server for the downloaded file when following a HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client...

CVSS: 8.8, AI score: 0.5, EPSS: 0.73791
Exploits: 8, References: 1
RedhatCVE
added 2015/10/30 10:17 a.m., 14 views

CVE-2007-4584

Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the pmode variable...

CVSS: 10, AI score: 8.3, EPSS: 0.04988
Exploits: 0, References: 3