freerdp: FreeRDP has a heap-use-after-free in video_timer

A use after free flaw has been discovered in FreeRDP. The videotimer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. A malicious server can trigger a client‑side heap use after free causing a crash DoS...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006587)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006587 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8723bs: Fix deadlock in rtwsurveydoneeventcallback There is a deadlock in...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006726)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006726 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcastcard-timer could schedu...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006578)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006578 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: exc3000 - properly stop timer on shutdown We need to stop the timer on driver unbind or...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006654)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006654 advisory. In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call timer start racing with call destruction The rxrpccall struct has a timer used to...

freerdp: FreeRDP has a heap-use-after-free in video_timer

A use after free flaw has been discovered in FreeRDP. The videotimer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. A malicious server can trigger a client‑side heap use after free causing a crash DoS...

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

freerdp: FreeRDP has a heap-use-after-free in video_timer

A use after free flaw has been discovered in FreeRDP. The videotimer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. A malicious server can trigger a client‑side heap use after free causing a crash DoS...

freerdp: FreeRDP has a heap-use-after-free in video_timer

A use after free flaw has been discovered in FreeRDP. The videotimer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. A malicious server can trigger a client‑side heap use after free causing a crash DoS...

freerdp: FreeRDP has a heap-use-after-free in video_timer

A use after free flaw has been discovered in FreeRDP. The videotimer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. A malicious server can trigger a client‑side heap use after free causing a crash DoS...

CVE-2026-31393

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate L2CAPINFORSP payload length before access l2capinformationrsp checks that cmdlen covers the fixed l2capinforsp header type + result, 4 bytes but then reads rsp-data without verifying that the payload is...

CVE-2026-31393

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate L2CAPINFORSP payload length before access l2capinformationrsp checks that cmdlen covers the fixed l2capinforsp header type + result, 4 bytes but then reads rsp-data without verifying that the payload is...

freerdp: FreeRDP has a heap-use-after-free in video_timer

A use after free flaw has been discovered in FreeRDP. The videotimer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. A malicious server can trigger a client‑side heap use after free causing a crash DoS...

Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.51 fixes various security issues The following security issues were fixed: CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds bsc1257629. CVE-2025-38488: smb: client: fix use-after-free in cryptmessa...

Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.22 fixes various security issues The following security issues were fixed: CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed...

SUSE-SU-2026:1096-1 Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.16 fixes various security issues The following security issues were fixed: - CVE-2025-38488: smb: client: fix use-after-free in cryptmessage when using async crypto bsc1247240. - CVE-2025-40258: mptcp: fix race condition in...

SUSE-SU-2026:1101-1 Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.3 fixes various security issues The following security issues were fixed: - CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds bsc1257629. - CVE-2025-38488: smb: client: fix use-after-free in...

CVE-2026-33935

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...

SUSE SLES15 Security Update : kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1073-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1073-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.47 fixes various security issues The following security issues were fixed: -...

CVE-2026-27813 EVerest has use-after-free in auth timeout timer via race condition

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RFID/RemoteStart/OCPP authorization events or delayed authorization response. Version 2026.2.0 contains a patch...