533 matches found
freerdp: FreeRDP heap-buffer-overflow
A heap based buffer overflow has been discovered in FreeRDP. In affected versions the URBDRC client does not perform bounds checking on server‑supplied MSUSBINTERFACEDESCRIPTOR values and uses them as indices in libusbudevcompletemsconfigsetup, causing an out‑of‑bounds read...
CVE-2026-24679
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusbudevselectinterface. This vulnerability is fixed in 3.22.0...
UBUNTU-CVE-2026-24675
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urbselectinterface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusbudevselectinterface. This vulnerability is fixed in 3.22.0...
CVE-2026-24679
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusbudevselectinterface. This vulnerability is fixed in 3.22.0...
CVE-2026-24679 FreeRDP has a heap-buffer-overflow in urb_select_interface
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusbudevselectinterface. This vulnerability is fixed in 3.22.0...
CVE-2026-24675 FreeRDP has a Heap-use-after-free in urb_select_interface
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urbselectinterface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusbudevselectinterface. This vulnerability is fixed in 3.22.0...
CVE-2026-24675
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urbselectinterface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusbudevselectinterface. This vulnerability is fixed in 3.22.0...
CVE-2026-24675
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urbselectinterface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusbudevselectinterface. This vulnerability is fixed in 3.22.0...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: at76c50x: Fixed the issue where access was used after the object was freed in at76disconnect. The memory pointed to by priv is freed at the end of the at76deletedevice function using ieee80211freehw. However, the code then...
CVE-2025-71161
In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive forward error correction There are two problems with the recursive correction: 1. It may cause denial-of-service. In fecreadbufs, there is a loop that has 253 iterations. For each iteration, we may ca...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21773)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21773 advisory. - In the Linux kernel, the following vulnerability has been resolved: can: etases58x: fix potential NULL point...
MiracleLinux 8 : systemd-239-40.el8 (AXSA:2021-1218:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1218:01 advisory. systemd: memory leak in buttonopen in login/logind-button.c when udev events are received CVE-2019-20386 Tenable has extracted the preceding description bloc...
MiracleLinux 3 : udev-095-14.20AXS3 (AXSA:2009-45:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-45:01 advisory. The udev package contains an implementation of devfs in userspace using sysfs and netlink. Fixed bugs: CVE-2009-1185 udev before 1.4.1 does not verify whether ...
MiracleLinux 7 : libvirt-4.5.0-36.5.0.1.el7.AXS7 (AXSA:2025-9921:04)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9921:04 advisory. CVE-2024-2496: Fix NULL pointer dereference in udevConnectListAllInterfaces function CVEs: CVE-2024-2496 A NULL pointer dereference flaw was found in the...
udev Persistence
This module will add a script in /lib/udev/rules.d/ in order to execute a payload written on disk. It'll be executed with root privileges everytime a network interface other than l0 comes up. Execution is triggered through at command, so it must be installed on the target. Module Options msf use...
PT-2026-7034
Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.22.0 Description FreeRDP, a Remote Desktop Protocol implementation, contains a flaw in the urb select interface function. Specifically, the function can free a device’s MS configuration on error, but subsequent code...
EUVD-2005-3628
Malware in sbrugna...
EUVD-2010-1180
Malware in sbrugna...
EUVD-2009-1186
Malware in sbrugna...
EUVD-2016-2334
Malware in sbrugna...