
32 matches found

AstraLinux
added 2026/06/24 3:11 p.m., 7 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a heap out-of-bounds read occurred in the smartcard SetAttrib path when cbAttrLen did not match the actual NDR buffer length. This vulnerability has been fixed in version 3.20.1...

CVSS 9.1 | AI score 5.5 | EPSS 0.00756
Exploits: 1 | References: 3

Tenable Nessus
added 2026/04/17 12:0 a.m., 6 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-010673)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010673 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is...

CVSS 9.8 | AI score 6 | EPSS 0.00453
Exploits: 1 | References: 4

Tenable Nessus
added 2026/04/16 12:0 a.m., 5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007193)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007193 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen doe...

CVSS 9.1 | AI score 6 | EPSS 0.00756
Exploits: 1 | References: 4

Vulnrichment
added 2026/03/30 9:43 p.m., 7 views

CVE-2026-33995 FreeRDP: Possible double free in kerberos_AcceptSecurityContext

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext and kerberos_InitializeSecurityContextA (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can cause a crash in any FreeRDP clients on systems where...

CVSS 5.3 | AI score 5.8 | EPSS 0.00282
Exploits: 0 | References: 2

Tenable Nessus
added 2026/03/26 12:0 a.m., 3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-006318)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006318 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server-supplied...

CVSS 9.1 | AI score 5.9 | EPSS 0.00756
Exploits: 1 | References: 4

Tenable Nessus
added 2026/03/26 12:0 a.m., 5 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-006320)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006320 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, xf_Pointer_New frees cursorPixels on failure, then pointer_free calls...

CVSS 9.8 | AI score 6 | EPSS 0.00402
Exploits: 1 | References: 4

OSV
added 2026/03/13 7:54 p.m., 4 views

UBUNTU-CVE-2026-31883

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header...

CVSS 9.8 | AI score 5.8 | EPSS 0.00317
Exploits: 1 | References: 4

Cvelist
added 2026/03/13 5:26 p.m., 26 views

CVE-2026-29774 FreeRDP has a heap-buffer-overflow in avc420_yuv_to_rgb via OOB regionRects

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occurs in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path due to missing horizontal bounds validation of H.264 metablock regionRects coordinates. In yuv.c, the clamp...

CVSS 5.3 | EPSS 0.00323
Exploits: 1 | References: 2

CNNVD
added 2026/03/10 12:0 a.m., 10 views

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.20 of GitHub Enterprise Server, there were security...

CVSS 5.3 | AI score 5.8 | EPSS 0.00248
Exploits: 0 | References: 4

EUVD
added 2026/03/08 9:30 a.m., 4 views

EUVD-2026-10225

A weakness has been identified in 1024-lab/lab1024 SmartAdmin up to 3.29. The affected element is an unknown function of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/helpdoc/domain/form/HelpDocAddForm.java of the component Help Documentation Module. This manipulation causes...

CVSS 5.1 | AI score 4.2 | EPSS 0.0027
Exploits: 1 | References: 5

UbuntuCve
added 2026/02/25 10:16 p.m., 6 views

CVE-2026-27951

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function Stream_EnsureCapacity can create an endless blocking loop. This may affect all client and server implementations using FreeRDP. For practical exploitation this will only work on 32-bit systems whe...

CVSS 7.5 | AI score 5.9 | EPSS 0.00346
Exploits: 1 | References: 4

Cvelist
added 2026/02/25 8:1 p.m., 24 views

CVE-2026-25942 FreeRDP has global-buffer-overflow in xf_rail_server_execute_result

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xf_rail_server_execute_result indexes the global error_code_names array (7 elements, indices 0–6) with an unchecked execResult->execResult value received from the server, allowing an out-of-bounds read when the serve...

CVSS 6.9 | EPSS 0.00454
Exploits: 1 | References: 6

OSV
added 2026/01/23 12:24 p.m., 5 views

OESA-2026-1237 python-filelock security update

This package contains a single module, which implements a platform independent file locking mechanism for Python. Security Fixes: filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of th...

CVSS 5.3 | AI score 5.6 | EPSS 0.00115
Exploits: 0 | References: 2

NVD
added 2026/01/14 6:16 p.m., 11 views

CVE-2026-22857

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete and then accessed again on the error path. This vulnerability is fixed in 3.20.1...

CVSS 9.8 | EPSS 0.00453
Exploits: 1 | References: 2

Positive Technologies
added 2026/01/01 12:0 a.m., 11 views

PT-2026-22009

Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.23.0. Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Versions before 3.23.0 contain a flaw where the xf_SetWindowMinMaxInfo function improperly dereferences a freed xfAppWindow pointer...

CVSS 10 | AI score 5.3 | EPSS 0.00756
Exploits: 18 | References: 140

CNNVD
added 2025/12/17 12:0 a.m., 4 views

FreeRDP Buffer Error Vulnerability

FreeRDP is an open source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. A buffer error vulnerability exists in versions prior to FreeRDP 3.20.0 that stems from a failure to guarantee NUL termination in the certificate handling code, which could result in a heap...

CVSS 9.1 | AI score 6.6 | EPSS 0.00214
Exploits: 0 | References: 3

CNNVD
added 2025/11/14 12:0 a.m., 3 views

PHPGurukul Student Record System Security Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the course-short, course-full, and cdate parameters in add-course.php. An attacker can exploit this...

CVSS 6.5 | AI score 8.1 | EPSS 0.00215
Exploits: 1 | References: 3

CNNVD
added 2025/04/30 12:0 a.m., 3 views

PHPGurukul Student Record System Injection Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter course-short in the file /add-course.php. An attacker can exploit this vulnerability to...

CVSS 9.8 | AI score 7.8 | EPSS 0.00432
Exploits: 1 | References: 5

OSV
added 2025/03/20 12:32 p.m., 13 views

GHSA-FM93-G6XP-35XQ Aim Excessive Data Query Operations in a Large Data Table vulnerability

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...

CVSS 7.5 | AI score 7.1 | EPSS 0.0059
Exploits: 1 | References: 3

NVD
added 2025/03/20 10:15 a.m., 23 views

CVE-2025-0190

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...

CVSS 7.5 | EPSS 0.0059
Exploits: 1 | References: 1