DEBIAN-CVE-2023-53745

In the Linux kernel, the following vulnerability has been resolved: um: vector: Fix memory leak in vectorconfig If the return value of the umlparsevectorifspec function is NULL, we should call kfreeparams to prevent memory leak...

UBUNTU-CVE-2023-53745

In the Linux kernel, the following vulnerability has been resolved: um: vector: Fix memory leak in vectorconfig If the return value of the umlparsevectorifspec function is NULL, we should call kfreeparams to prevent memory leak...

CVE-2023-53745

CVE-2023-53745 affects the Linux kernel: a memory-leak in the vector_config path where uml_parse_vector_ifspec returning NULL requires freeing allocated params via kfree to prevent leak. The connected documents consistently describe the same fix in Linux kernel code paths (vector_config) and refe...

CVE-2025-40294

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix OOB access in parseadvmonitorpattern In the parseadvmonitorpattern function, the value of the 'length' variable is currently limited to HCIMAXEXTADLENGTH251. The size of the 'value' array in the mgmtadvpatter...

SUSE CVE-2025-40268

In the Linux kernel, the following vulnerability has been resolved: cifs: client: fix memory leak in smb3fscontextparseparam The user calls fsconfig twice, but when the program exits, free only frees ctx-source for the second fsconfig, not the first. Regarding fc-source, there is no code in the f...

PT-2025-49475

In the Linux kernel, the following vulnerability has been resolved: um: vector: Fix memory leak in vector config If the return value of the uml parse vector ifspec function is NULL, we should call kfreeparams to prevent memory leak...

PT-2025-49427

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s Bluetooth implementation within the parse adv monitor pattern function. The issue involves a potential out-of-bounds access when copying data into the...

CVE-2025-40268

In the Linux kernel, the following vulnerability has been resolved: cifs: client: fix memory leak in smb3fscontextparseparam The user calls fsconfig twice, but when the program exits, free only frees ctx-source for the second fsconfig, not the first. Regarding fc-source, there is no code in the f...

CVE-2025-40268 cifs: client: fix memory leak in smb3_fs_context_parse_param

In the Linux kernel, the following vulnerability has been resolved: cifs: client: fix memory leak in smb3fscontextparseparam The user calls fsconfig twice, but when the program exits, free only frees ctx-source for the second fsconfig, not the first. Regarding fc-source, there is no code in the f...

CVE-2025-40268 cifs: client: fix memory leak in smb3_fs_context_parse_param

In the Linux kernel, the following vulnerability has been resolved: cifs: client: fix memory leak in smb3fscontextparseparam The user calls fsconfig twice, but when the program exits, free only frees ctx-source for the second fsconfig, not the first. Regarding fc-source, there is no code in the f...

CVE-2025-40268

The CVE-2025-40268 issue affects the Linux kernel CIFS client, specifically smb3_fs_context_parse_param. The vulnerability arises when an application calls fsconfig twice; on exit, free() only releases the first fsconfig’s ctx->source, not the first context’s, and there is no reclamation for f...

CVE-2025-40268

In the Linux kernel, the following vulnerability has been resolved: cifs: client: fix memory leak in smb3fscontextparseparam The user calls fsconfig twice, but when the program exits, free only frees ctx-source for the second fsconfig, not the first. Regarding fc-source, there is no code in the f...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the bytestringparse and stringparse functions on the gvariant-parser.c file. An attacker can cause memory corruption and potentially execute arbitrary code or crash the application by supplying specially...

CVE-2025-66564 Sigstore Timestamp Authority allocates excessive memory during request parsing

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

EUVD-2024-32452

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

Malicious code in remark-parse10 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8cd5885ca66abe264124578aa99aaeb2907923a26681d5b64e8d6b72cb72696 The package remark-parse10 was found to contain malicious code. Source: ghsa-malware b0d37276c9efb7e85e07384bd19c0625e6672c70443710e145c260516f0ba2f4...

MAL-2025-192246 Malicious code in remark-parse10 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8cd5885ca66abe264124578aa99aaeb2907923a26681d5b64e8d6b72cb72696 The package remark-parse10 was found to contain malicious code. Source: ghsa-malware b0d37276c9efb7e85e07384bd19c0625e6672c70443710e145c260516f0ba2f4...

PT-2025-48972

Name of the Vulnerable Software and Affected Versions Undertow affected versions not specified Description A flaw exists in Undertow that may lead to remote denial of service attacks. Specifically, when the server utilizes the FormEncodedDataDefinition.doParseStreamSourceChannel method to process...

Prototype Pollution

sveltekit-superforms is vulnerable to prototype pollution. The vulnerability is due to improper handling of user-supplied data in the parseFormData function of formData.js, which allows an attacker to inject properties into Object.prototype, enabling denial of service, type confusion, and potenti...

Remote Code Execution (RCE)

Parse is vulnerable to remote code execution RCE. The vulnerability is due to improper handling of malicious payloads in several methods including ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, and internal encode/decode functions, which allows an attacker to inject data tha...