CVE-2025-38517

In the Linux kernel, the following vulnerability has been resolved: lib/alloctag: do not acquire non-existent lock in alloctagtopusers alloctagtopusers attempts to lock alloctagcttype-modlock even when the alloctagcttype is not allocated because: 1 alloc tagging is disabled because mem profiling ...

CVE-2025-38517

CVE-2025-38517 is a Linux kernel issue in lib/alloc_tag where alloc_tag_top_users() may lock alloc_tag_cttype->mod_lock even when alloc_tag_cttype is NULL or invalid, leading to a crash on memory allocation failure. The root cause is that alloc_tag_cttype can be NULL or an error value in scena...

CVE-2025-38517 lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users()

In the Linux kernel, the following vulnerability has been resolved: lib/alloctag: do not acquire non-existent lock in alloctagtopusers alloctagtopusers attempts to lock alloctagcttype-modlock even when the alloctagcttype is not allocated because: 1 alloc tagging is disabled because mem profiling ...

SUSE CVE-2025-8733

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Additional analysis indicates that the files referenced in the stack trace do not exist in Bison...

Linux Distros Unpatched Vulnerability : CVE-2023-5517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect ; is configured, and - the resolver receiv...

SUSE CVE-2025-4878

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...

CVE-2021-28306

An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a multi label type if the image is nonexistent...

netty: Denial of Service attack on windows app using Netty

A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes...

netty: Denial of Service attack on windows app using Netty

A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes...

CGA-PJ4F-JGV2-G5HJ

Bulletin has no description...

netty: Denial of Service attack on windows app using Netty

A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes...

netty: Denial of Service attack on windows app using Netty

A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes...

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions due interaction between unexpected parameter values set for ClusterDeployment.hive.openshift.io/v1 and ClusterSync.hiveinternal.openshift.io/v1alpha1 objects in the Reconcile method i...

Hashicorp Go-slug 后置链接漏洞

HashiCorp Hashicorp Go-slug is a Go-based codebase for packing and unpacking files from HashiCorp, USA. A security vulnerability exists in Hashicorp Go-slug version 0.16.2 and earlier, which stems from the fact that HashiCorp's go-slug library is susceptible to a zip-slip style attack when...

YesWiki 跨站脚本漏洞

YesWiki is a wiki system written in PHP by the French organization YesWiki. It is used to create and manage websites in a collaborative way. A cross-site scripting vulnerability exists in YesWiki 4.4.5 and earlier versions, which stems from improper input validation when the attach component...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the possibility that the splitlargebuddy function may call pfntopage on a non-existent PFN, resulting in a...

SurrealDB has an Uncaught Exception Handling Nonexistent Role

Roles for system users are stored as generic Ident values and converted as strings and into the Role enum whenever IAM operations are to be performed that require processing the user roles. This conversion expects those identifiers to only contain the values owner, editor and viewer and will retu...

GHSA-JC55-246C-R88F SurrealDB has an Uncaught Exception Handling Nonexistent Role

Roles for system users are stored as generic Ident values and converted as strings and into the Role enum whenever IAM operations are to be performed that require processing the user roles. This conversion expects those identifiers to only contain the values owner, editor and viewer and will retu...

PT-2024-40343 · Surrealdb · Surrealdb

Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 2.1.0 Description: The issue arises from the conversion of Ident values to the Role enum, which expects only specific values owner, editor, and viewer. If a nonexistent role is used, it would result in a panic,...

CVE-2023-6110

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials...