CVE-2025-40251 devlink: rate: Unset parent pointer in devl_rate_nodes_destroy

In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devlratenodesdestroy The function devlratenodesdestroy is documented to "Unset parent for all rate objects". However, it was only calling the driver-specific rateleafparentset or...

Linux Distros Unpatched Vulnerability : CVE-2025-40251

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - devlink: rate: Unset parent pointer in devlratenodesdestroy The function devlratenodesdestroy is documented to Unset parent for all rate objects. However, it wa...

PT-2025-49081

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.18.0-rc4+ Description The devl rate nodes destroy function in the Linux kernel did not correctly unset the parent pointer for rate objects, leading to a dangling pointer in the devlink rate struct. This issue...

GHSA-Q3HC-J9X5-MP9M Withdrawn Advisory: ImageMagick has a use-after-free/double-free risk in Options::fontFamily when clearing family

Withdrawn Advisory This advisory has been withdrawn because it does not affect the ImageMagick project's NuGet packages. Original Description We believe that we have discovered a potential security vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked wi...

CVE-2025-65955

ImageMagick’s Magick++ vulnerability CVE-2025-65955 manifests when Options::fontFamily is invoked with an empty string, causing a use-after-free/dangling font pointer in _drawInfo->font and potentially leading to crashes or heap corruption on cleanup or subsequent updates. The issue arises bec...

TencentOS Server 4: ghostscript (TSSA-2024:0902)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0902 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-53103)

hvsock: Initializing vsk-trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk-trans may not be initialized to NULL, which could lead to a dangling pointer. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...

PT-2025-47377

Name of the Vulnerable Software and Affected Versions GNU GRUB Grand Unified Bootloader affected versions not specified Description A use-after-free issue exists in GNU GRUB Grand Unified Bootloader. The problem stems from an incorrect memory pointer retention during the file-closing process,...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-50264)

vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans. During loopback communication, a dangling pointer can be created in vsk-trans, potentially leading to a Use-After-Free condition. This plugin only works with Tenable.ot. Please visit...

CVE-2011-10034

AUTOMGEN versions up to and including 8.0.0.7 also referenced as 8.022 contain a vulnerability in that project file handling frees an object and subsequently dereferences the stale pointer when processing certain malformed fields. The dangling-pointer use enables an attacker to influence an...

EUVD-2011-5270

AUTOMGEN versions up to and including 8.0.0.7 also referenced as 8.022 contain a vulnerability in that project file handling frees an object and subsequently dereferences the stale pointer when processing certain malformed fields. The dangling-pointer use enables an attacker to influence an...

Siemens SIMATIC S7-1500 Use After Free (CVE-2020-8231)

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990859)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990859 advisory. In the Linux kernel, the following vulnerability has been resolved: hvsock: Initializing vsk-trans to NULL to prevent a dangling pointer When hvs is released, there ...

kernel: net: af_can: do not leave a dangling sk pointer in can_create()

In the Linux kernel, the following vulnerability has been resolved: net: afcan: do not leave a dangling sk pointer in cancreate On error cancreate frees the allocated sk object, but sockinitdata has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock...

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix potential CAN frame reception race in isotprcv CVE-2022-48830 kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB CVE-2024-46689 kernel: Squashfs: sanity check...

Use After Free

Overview OpenEXR is a Python bindings for the OpenEXR image file format Affected versions of this package are vulnerable to Use After Free via the PyObjectStealAttrString function. An attacker can execute arbitrary code or cause a crash by passing a dangling pointer to APIs such as PyLongAsLong o...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free via the PyObjectStealAttrString function. An attacker can execute arbitrary code or cause a crash by passing a dangling pointer to APIs such as PyLongAsLong or PyFloatAsDouble after the reference has been decremented. PoC...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989332)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989332 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2capsockcreate btsockalloc...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990267)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990267 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2capsockcreate btsockalloc...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990183)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990183 advisory. In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6create sockinitdata attaches the allocated...