
23 matches found

RedhatCVE
added 2026/05/19 4:29 p.m., 4 views

CVE-2026-43491

A flaw was found in the Linux kernel. A malicious client can exploit this by sending a large number of NEWSERVER messages, which are not properly limited. This can lead to memory exhaustion, causing a Denial of Service (DoS) where the system becomes unresponsive or crashes...

CVSS 7, AI score 5.8, EPSS 0.00024
Exploits 0, References 4

NVD
added 2026/05/19 12:16 p.m., 5 views

CVE-2026-43491

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...

EPSS 0.00024
Exploits 0, References 5

ATTACKERKB
added 2026/05/19 10:44 a.m., 5 views

CVE-2026-43491

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...

AI score 5.8, EPSS 0.00024
Exploits 0, References 6, Affected Software 1

OSV
added 2026/04/27 1:16 p.m., 1 view

OPENSUSE-SU-2026:20632-1 Security update for freerdp2

This update for freerdp2 fixes the following issues: Changes in freerdp2: - Update freerdp-3-macro: + Add WINPRATTRMALLOC macro from freerdp 3 - Security fixes for the following issues: CVE-2026-25941: Fixed an out of bounds read bsc1258919 CVE-2026-25942: Fixed a buffer overflow in...

CVSS 9.8, AI score 5.1, EPSS 0.00251
Exploits 20, References 48

RedHat Linux
added 2026/04/27 5:38 a.m., 5 views

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 9.8, AI score 5.8, EPSS 0.00251
Exploits 5, References 10

RedHat Linux
added 2026/04/07 12:25 p.m., 2 views

freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...

CVSS 9.8, AI score 6.5, EPSS 0.00033
Exploits 1, References 6

Tenable Nessus
added 2026/04/01 12:00 a.m., 24 views

SUSE SLES15 / openSUSE 15 Security Update : freerdp (SUSE-SU-2026:1160-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1160-1 advisory. - CVE-2026-26271: Buffer Overread in FreeRDP Icon Processing bsc1258979. - CVE-2026-26955: Out-of-bounds Write in freerdp...

CVSS 9.8, AI score 6.1, EPSS 0.00077
Exploits 5, References 19

OSV
added 2026/03/27 3:05 p.m., 3 views

SUSE-SU-2026:1129-1 Security update for freerdp

This update for freerdp fixes the following issues: - CVE-2026-26271: Buffer Overread in FreeRDP Icon Processing bsc1258979. - CVE-2026-26955: Out-of-bounds Write in freerdp bsc1258982. - CVE-2026-26965: Out-of-bounds Write in freerdp bsc1258985. - CVE-2026-31806: improper validation of server...

CVSS 9.8, AI score 6.2, EPSS 0.00077
Exploits 5, References 13

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2021-7347

Malicious code in bioql PyPI...

CVSS 5.5, AI score 6.4, EPSS 0.00994
Exploits 0, References 6

RedhatCVE
added 2025/05/22 6:14 p.m., 5 views

CVE-2021-1883

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted server messages may lead to heap corruption...

CVSS 5.5, AI score 5.8, EPSS 0.00994
Exploits 0, References 1

OSV
added 2024/03/02 10:15 p.m., 0 views

UBUNTU-CVE-2022-48628

In the Linux kernel, the following vulnerability has been resolved: ceph: drop messages from MDS when unmounting When unmounting all the dirty buffers will be flushed and after the last osd request is finished the last reference of the icount will be released. Then it will flush the dirty cap/sna...

CVSS 5.5, AI score 6.1, EPSS 0.00008
Exploits 0, References 3

OSV
added 2023/10/17 1:15 a.m., 2 views

CVE-2022-22384

IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to modify messages returned from the server due to hazardous input validation. IBM X-Force ID: 221961...

CVSS 4.3, AI score 5.8
Exploits 0, References 2

OSV
added 2022/09/02 12:15 p.m., 2 views

DEBIAN-CVE-2021-44718

wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers...

CVSS 5.9, AI score 5.8, EPSS 0.00206
Exploits 0, References 1

OSV
added 2021/09/08 3:15 p.m., 2 views

CVE-2021-1883

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted server messages may lead to heap corruption...

CVSS 5.5, AI score 6.6, EPSS 0.00994
Exploits 0, References 6

NVD
added 2021/09/08 3:15 p.m., 14 views

CVE-2021-1883

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted server messages may lead to heap corruption...

CVSS 5.5, EPSS 0.00994
Exploits 0, References 6

CNNVD
added 2021/04/27 12:00 a.m., 2 views

Apple macOS Security Vulnerability

Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in macOS, which is caused by a boundary error in Heimdal when processing server messages. The following products and versions are affected: macOS: 11.0 20A2411, 11.0.1 20B29,...

CVSS 5.5, AI score 6.7, EPSS 0.00994
Exploits 0, References 12

OSV
added 2020/06/09 8:15 p.m., 1 view

CVE-2020-1314

An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server fails to properly handle messages sent from TSF clients, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'...

CVSS 7.8, AI score 7.1, EPSS 0.12481
Exploits 0, References 1

Mageia
added 2019/02/22 1:08 a.m., 40 views

Updated spice-gtk packages fix security vulnerability

A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are...

CVSS 10, AI score 3.8, EPSS 0.01485
Exploits 0, References 6

BDU FSTEC
added 2018/04/27 12:00 a.m., 4 views

The vulnerability of the SPICE client Spice-GTK, related to insufficient validation of input data, allows a hacker to execute arbitrary code.

The vulnerability of the SPICE client Spice-gtk is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted server messages...

CVSS 7.5, AI score 8.2, EPSS 0.01485
Exploits 0, References 9, Affected Software 2

RedhatCVE
added 2018/03/14 1:19 p.m., 28 views

CVE-2017-12194

A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client...

CVSS 10, AI score 3.3, EPSS 0.01485
Exploits 0, References 1