4499 matches found
CVE-2026-23150 nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame().
In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: Fix memleak in nfcllcpsenduiframe. syzbot reported various memory leaks related to NFC, struct nfcllcpsock, skbuff, nfcdev, etc. 0 The leading log hinted that nfcllcpsenduiframe failed to allocate skb due to sockerrors...
CLSA-2026-1771011128 freerdp: Fix of 2 CVEs
CVE-2026-22857: fix heap use-after-free in irpthreadfunc when serialprocessirp fails - CVE-2026-23530: fix heap buffer overflow in planar bitmap decompression due to missing nSrcWidth/nSrcHeight validation...
OESA-2026-1339 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call mdreapsyncthread directly Currently mdreapsyncthread is called from raidmessage directly without holding 'reconfigmutex', this is definite...
OESA-2026-1338 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call mdreapsyncthread directly Currently mdreapsyncthread is called from raidmessage directly without holding 'reconfigmutex', this is definite...
[SECURITY] Fedora 42 Update: rust-scx_layered-0.0.6-7.fc42
A highly configurable multi-layer BPF / user space hybrid scheduler used within schedext, which is a Linux kernel feature which enables implementing kernel thread schedulers in BPF and dynamically loading them. https://github.com/sched-ext/scx/tree/main...
[SECURITY] Fedora 42 Update: rust-git2-0.20.4-1.fc42
Bindings to libgit2 for interoperating with git repositories. This library is both threadsafe and memory safe and allows both reading and writing git repositories...
Security update for freerdp
This update for freerdp fixes the following issues: CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audinprocessformats bsc1256718. CVE-2026-22854: server-controlled read length is used to read file data into an IRP output can cause heap-buffer-overflow in...
UBUNTU-CVE-2026-24684
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave. This vulnerability is fixed in 3.22.0...
CVE-2026-24684 FreeRDP has a Heap-use-after-free in play_thread
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave. This vulnerability is fixed in 3.22.0...
CVE-2026-24684
CVE-2026-24684 affects FreeRDP prior to 3.22.0. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use-after-free in rdpsnd_treat_wave. This vulnerability impacts availability (high) with no confidentiality/integrity impa...
CVE-2026-24684 FreeRDP has a Heap-use-after-free in play_thread
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave. This vulnerability is fixed in 3.22.0...
CVE-2026-24684 FreeRDP has a Heap-use-after-free in play_thread
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave. This vulnerability is fixed in 3.22.0...
CVE-2026-24678
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecamchannelwrite. This vulnerability is fixed in 3.22.0...
CVE-2026-24676
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin-format, leading to a use after free in audioformatcompatible. This vulnerability is fixed in 3.22.0...
kernel: workqueue: Put the pwq after detaching the rescuer from the pool
A vulnerability was found in the Linux kernel's work queue subsystem, which manages background task execution. The issue stems from improper handling of the "rescuer" thread during the cleanup of unbound work queues...
FreeRDP 资源管理错误漏洞
FreeRDP is an open-source implementation of the Remote Desktop Protocol RDP by the FreeRDP team. Versions of FreeRDP prior to 3.22.0 contained a resource management vulnerability. This vulnerability stemmed from the capture thread using a freed channel callback to send sample responses after the...
Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.2 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...
io.quarkus/quarkus-rest: Quarkus REST Worker Thread Exhaustion Vulnerability
A flaw was found in the Quarkus REST HTTP layer. This vulnerability allows remote attackers to cause an application level denial of service by repeatedly dropping client connections while response chunks are being transmitted, leading to worker thread exhaustion...
io.quarkus/quarkus-rest: Quarkus REST Worker Thread Exhaustion Vulnerability
A flaw was found in the Quarkus REST HTTP layer. This vulnerability allows remote attackers to cause an application level denial of service by repeatedly dropping client connections while response chunks are being transmitted, leading to worker thread exhaustion...
ROS-20260205-73-0022
A vulnerability in the pktgenthreadwrite function of the net/core/pktgen.c component of the Linux kernel is related to buffer copying without input validation. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause a denial ...