4499 matches found

RedHat Linux
added 2026/03/09 6:7 p.m. | 8 views

freerdp: FreeRDP: Denial of Service via use after free in ecam_channel_write

A denial of service flaw has been found in FreeRDP. A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write...

CVSS 8.7 | AI score 5.7 | EPSS 0.00025
Exploits: 0 | References: 6

RedHat Linux
added 2026/03/09 1:3 a.m. | 2 views

kernel: Linux kernel io_uring: Local privilege escalation, information disclosure, or denial of service via use-after-free

A flaw was found in the Linux kernel's io_uring subsystem. A local attacker with low privileges could exploit a use-after-free vulnerability when the sq->thread object is prematurely released while still being accessed by the io_uring_show_fdinfo function. This flaw could lead to privilege escalation,...

CVSS 7.8 | AI score 5.9 | EPSS 0.00052
Exploits: 0 | References: 5

NVD
added 2026/03/08 2:15 p.m. | 3 views

CVE-2026-3739

A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The...

CVSS 6.5 | EPSS 0.00124
Exploits: 0 | References: 8

OSV
added 2026/03/08 2:15 p.m. | 3 views

CVE-2026-3739

A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The...

CVSS 6.3 | AI score 5.5
Exploits: 0 | References: 8

CVE
added 2026/03/08 2:2 p.m. | 7 views

CVE-2026-3739

The CVE-2026-3739 vulnerability affects suitenumerique messages 0.2.0, specifically the ThreadAccessSerializer in src/backend/core/api/serializers.py (ThreadAccess component). The issue is a manipulation that leads to improper authentication, enabling remote exploitation. An exploit is publicly r...

CVSS 6.5 | AI score 6.2 | EPSS 0.00124
Exploits: 0 | References: 8

Cvelist
added 2026/03/08 2:2 p.m. | 33 views

CVE-2026-3739 suitenumerique messages ThreadAccess serializers.py ThreadAccessSerializer improper authentication

A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The...

CVSS 6.5 | EPSS 0.00124
Exploits: 0 | References: 8

ATTACKERKB
added 2026/03/08 2:2 p.m. | 2 views

CVE-2026-3739

A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The...

CVSS 6.5 | AI score 5.5 | EPSS 0.00124
Exploits: 0 | References: 8 | Affected Software: 1

AstraLinux
added 2026/03/06 9:4 p.m. | 5 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt(). The variable mddev->private is first assigned to conf and then checked: conf = mddev->private; if (!conf) ... If conf is NULL, then mddev->private is also...

CVSS 5.5 | AI score 5.6 | EPSS 0.0001
Exploits: 0 | References: 1

OSV
added 2026/03/06 12:43 p.m. | 4 views

OESA-2026-1521 freerdp security update

FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp. Security Fixes: A malicious server can trigger a client-side heap buffer overflow, causing a crash (DoS) and potential heap...

CVSS 9.8 | AI score 6.4 | EPSS 0.00251
Exploits: 17 | References: 27

OSV
added 2026/03/06 12:42 p.m. | 4 views

OESA-2026-1519 freerdp security update

FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp. Security Fixes: A malicious server can trigger a client-side heap buffer overflow, causing a crash (DoS) and potential heap...

CVSS 9.8 | AI score 6.4 | EPSS 0.00251
Exploits: 18 | References: 28

Tenable Nessus
added 2026/03/06 12:0 a.m. | 6 views

SUSE SLED15 / SLES15 Security Update : freerdp (SUSE-SU-2026:0763-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0763-1 advisory. - CVE-2026-24491: heap-use-after-free in video_timer (bsc#1257981). - CVE-2026-24675: heap-use-after-free in...

CVSS 9.1 | AI score 5.9 | EPSS 0.0003
Exploits: 0 | References: 34

Tenable Nessus
added 2026/03/05 12:0 a.m. | 4 views

SUSE SLES15 Security Update : freerdp (SUSE-SU-2026:0621-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0621-1 advisory. - CVE-2026-24491: heap-use-after-free in video_timer (bsc#1257981). - CVE-2026-24675: heap-use-after-free in urb_select_interface (bsc#1257982). -...

CVSS 9.1 | AI score 6 | EPSS 0.0003
Exploits: 0 | References: 22

Tenable Nessus
added 2026/03/05 12:0 a.m. | 3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005648)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005648 advisory. In the Linux kernel, the following vulnerability has been resolved: riscv: process: fix kernel info leakage. thread_struct's s[12] may contain random kernel memory...

CVSS 7.1 | AI score 5.6 | EPSS 0.00035
Exploits: 0 | References: 4

Tenable Nessus
added 2026/03/05 12:0 a.m. | 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005754)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005754 advisory. In the Linux kernel, the following vulnerability has been resolved: rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale. Running the 'kfree_rcu_test'...

CVSS 5.5 | AI score 5.7 | EPSS 0.00023
Exploits: 0 | References: 4

OSV
added 2026/03/04 2:36 p.m. | 1 views

CVE-2026-23234 f2fs: fix to avoid UAF in f2fs_write_end_io()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_write_end_io(). As syzbot reported an use-after-free issue in f2fs_write_end_io(). It is caused by below race condition: loop device umount - worker_thread - loop_process_work - do_req_filebacked - lo_rw_aio -...

CVSS 7.8 | AI score 5.6 | EPSS 0.00022
Exploits: 0 | References: 11

Tenable Nessus
added 2026/03/04 12:0 a.m. | 4 views

SUSE SLES12 Security Update : freerdp (SUSE-SU-2026:0762-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0762-1 advisory. - CVE-2026-22855: heap-buffer-overflow in smartcard_unpack_set_attrib_call (bsc#1256721). - CVE-2026-22857: heap-use-after-free in irp_thread_func...

CVSS 9.8 | AI score 6.2 | EPSS 0.00251
Exploits: 5 | References: 34

Positive Technologies
added 2026/03/04 12:0 a.m. | 5 views

PT-2026-22920

Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified). Description: The Linux kernel contains a use-after-free issue in the f2fs write end io function. This issue occurs due to a race condition where memory associated with the superblock sbi is freed whi...

CVSS 7.8 | AI score 6 | EPSS 0.00031
Exploits: 0 | References: 61

OSV
added 2026/03/03 12:49 p.m. | 2 views

SUSE-SU-2026:0763-1 Security update for freerdp

This update for freerdp fixes the following issues: - CVE-2026-24491: heap-use-after-free in video_timer (bsc#1257981). - CVE-2026-24675: heap-use-after-free in urb_select_interface (bsc#1257982). - CVE-2026-24676: heap-use-after-free in audio_format_compatible (bsc#1257983). - CVE-2026-24677:...

CVSS 9.1 | AI score 5.9 | EPSS 0.0003
Exploits: 0 | References: 23

SUSE Linux
added 2026/03/03 12:41 p.m. | 3 views

Security update for freerdp

This update for freerdp fixes the following issues: CVE-2026-22855: heap-buffer-overflow in smartcard_unpack_set_attrib_call (bsc#1256721). CVE-2026-22857: heap-use-after-free in irp_thread_func (bsc#1256723). CVE-2026-23533: improper validation can lead to heap buffer overflow in clear_decompress_residual_data...

CVSS 7.7 | AI score 6.1 | EPSS 0.00251
Exploits: 5 | References: 44

SUSE Linux
added 2026/03/03 12:40 p.m. | 4 views

Security update for freerdp

This update for freerdp fixes the following issues: CVE-2026-22855: heap-buffer-overflow in smartcard_unpack_set_attrib_call (bsc#1256721). CVE-2026-22857: heap-use-after-free in irp_thread_func (bsc#1256723). CVE-2026-23533: improper validation can lead to heap buffer overflow in clear_decompress_residual_data...

CVSS 7.7 | AI score 6.1 | EPSS 0.00251
Exploits: 6 | References: 24