Azure Linux 3.0 Security Update: kernel (CVE-2025-37841)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37841 advisory. - In the Linux kernel, the following vulnerability has been resolved: pm: cpupower: bench: Prevent NULL...

MiracleLinux 3 : boost-1.33.1-16.AXS3 (AXSA:2013-273:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-273:01 advisory. Boost provides free peer-reviewed portable C++ source libraries. The emphasis is on libraries which work well with the C++ Standard Library, in the hopes of...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004716)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004716 advisory. An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system...

CVE-2023-31914

Jerryscript 3.0 commit 05dbbd1 was discovered to contain out-of-memory issue in malloc...

CVE-2023-45675

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendorlen = char'\0';. The root cause is that if the len read in startdecoder is -1 and len + 1 becomes 0 when passed to setupmalloc. The setupmalloc behaves...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992709)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992709 advisory. In the Linux kernel, the following vulnerability has been resolved: pm: cpupower: bench: Prevent NULL dereference on malloc failure If malloc returns NULL due to low...

Linux Distros Unpatched Vulnerability : CVE-2022-50875

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - of: overlay: fix null pointer dereferencing in finddupcsetnodeentry and finddupcsetprop When kmalloc fail to allocate memory in kasprintf, fn1 or fn2 will be...

CVE-2023-54165

In the Linux kernel, the following vulnerability has been resolved: zsmalloc: move LRU update from zsmapobject to zsmalloc Under memory pressure, we sometimes observe the following crash: 5694.832838 ------------ cut here ------------ 5694.842093 listdel corruption, ffff888014b6a448-next is...

UBUNTU-CVE-2023-54165

In the Linux kernel, the following vulnerability has been resolved: zsmalloc: move LRU update from zsmapobject to zsmalloc Under memory pressure, we sometimes observe the following crash: 5694.832838 ------------ cut here ------------ 5694.842093 listdel corruption, ffff888014b6a448-next is...

CVE-2023-54165 zsmalloc: move LRU update from zs_map_object() to zs_malloc()

In the Linux kernel, the following vulnerability has been resolved: zsmalloc: move LRU update from zsmapobject to zsmalloc Under memory pressure, we sometimes observe the following crash: 5694.832838 ------------ cut here ------------ 5694.842093 listdel corruption, ffff888014b6a448-next is...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992445)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992445 advisory. In the Linux kernel, the following vulnerability has been resolved: pm: cpupower: bench: Prevent NULL dereference on malloc failure If malloc returns NULL due to low...

PT-2025-53994

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.19.0-0 fbk3 rc3 hoangnhatpzsdynshrv41 10870 g85a9558a25de Description The Linux kernel contains an issue within the zsmalloc subsystem related to the timing of Least Recently Used LRU list updates. The LRU upda...

JLSEC-2025-256 In LibTIFF, there is a memory malloc failure in tif_pixarlog.c

In LibTIFF, there is a memory malloc failure in tifpixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack...

EUVD-2025-198714

Integer signedness error in tlsverifycallback in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2dX509 to return -1 and be misused as a malloc size parameter...

CVE-2025-65495

Integer signedness error in tlsverifycallback in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2dX509 to return -1 and be misused as a malloc size parameter...

DEBIAN-CVE-2025-65495

Integer signedness error in tlsverifycallback in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2dX509 to return -1 and be misused as a malloc size parameter...

CVE-2025-65495

Integer signedness error in tlsverifycallback in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2dX509 to return -1 and be misused as a malloc size parameter...

CVE-2025-65495

CVE-2025-65495 affects libcoap 4.3.5. The issue is a signedness error in tls_verify_call_back() inside src/coap_openssl.c that can allow a remote attacker to trigger a denial of service by sending a crafted TLS certificate, causing i2d_X509() to return -1 and be misused as a malloc() size. Public...

PT-2025-47909

Integer signedness error in tls verify call back in src/coap openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d X509 to return -1 and be misused as a malloc size parameter...

curl: Incorrect sizeof() in Rustls Backend Memory Allocation

Summary There's a bug in lib/vtls/rustls.c where malloc uses sizeofciphersuites instead of sizeofciphersuites. This allocates memory based on pointer size rather than element size. Steps To Reproduce 1. Look at lib/vtls/rustls.c line 530: c const struct rustlssupportedciphersuite ciphersuites =...