
6914 matches found

SUSE CVE
added 2025/10/01 11:30 p.m., 2 views

SUSE CVE-2023-53479

In the Linux kernel, the following vulnerability has been resolved: cxl/acpi: Fix a use-after-free in cxl_parse_cfmws(). KASAN and KFENCE detected a use-after-free in the CXL driver. This happens in the cxl_decoder_add() fail path. KASAN prints the following error: BUG: KASAN: slab-use-after-free in...

CVSS 5.5, AI score 6.3, EPSS 0.00014
Exploits: 0, References: 15

Microsoft CVE
added 2025/10/01 11:10 p.m., 3 views

The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service

...

CVSS 5.5, AI score 7, EPSS 0.00321
Exploits: 0

Microsoft CVE
added 2025/10/01 11:10 p.m., 5 views

Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.

...

CVSS 7.6, AI score 7, EPSS 0.19372
Exploits: 0

Microsoft CVE
added 2025/10/01 11:10 p.m., 9 views

The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.

...

CVSS 5, AI score 7, EPSS 0.00998
Exploits: 0

OSV
added 2025/10/01 1:45 p.m., 2 views

MAL-2025-47870 Malicious code in vite-plugin-parse-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f0c3c9412f03ac4be0712f183133c219efac17d93edf28bf821d9dae53b7856e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 4

OSSF Malicious Packages
added 2025/10/01 1:45 p.m., 3 views

Malicious code in vite-plugin-parse-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f0c3c9412f03ac4be0712f183133c219efac17d93edf28bf821d9dae53b7856e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 4

OSV
added 2025/10/01 12:15 p.m., 1 view

UBUNTU-CVE-2023-53453

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: free iio for atombios when driver shutdown Fix below kmemleak when unload radeon driver: unreferenced object 0xffff9f8608ede200 size 512: comm "systemd-udevd", pid 326, jiffies 4294682822 age 716.338s hex dump first 3...

CVSS 5.5, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 11

CVE
added 2025/10/01 11:45 a.m., 9 views

CVE-2022-50455

CVE-2022-50455 entry is rejected/not used per the Initial Description.

AI score 6
Exploits: 0

CVE
added 2025/10/01 11:42 a.m., 10 views

CVE-2023-53479

In CVE-2023-53479, the Linux kernel cxl driver had a use-after-free in cxl_parse_cfmws() during cxl_decoder_add() fail path. KASAN/KFENCE observed a slab-use-after-free where a released cxld was accessed in a later dev_err() path. The root cause was dereferencing freed memory; the fix replaces th...

CVSS 7.8, AI score 5.9, EPSS 0.00014
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2025/10/01 11:42 a.m., 7 views

CVE-2023-53479 cxl/acpi: Fix a use-after-free in cxl_parse_cfmws()

In the Linux kernel, the following vulnerability has been resolved: cxl/acpi: Fix a use-after-free in cxl_parse_cfmws(). KASAN and KFENCE detected a use-after-free in the CXL driver. This happens in the cxl_decoder_add() fail path. KASAN prints the following error: BUG: KASAN: slab-use-after-free in...

EPSS 0.00014
Exploits: 0, References: 3

Tenable Nessus
added 2025/09/30 12:0 a.m., 2 views

NewStart CGSL MAIN 6.06 : gettext Vulnerability (NS-SA-2025-0218)

The remote NewStart CGSL host, running version MAIN 6.06, has gettext packages installed that are affected by a vulnerability: - An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen....

CVSS 9.8, AI score 7, EPSS 0.00555
Exploits: 1, References: 3

Tenable Nessus
added 2025/09/30 12:0 a.m., 2 views

Fedora 44 : mirrorlist-server / rust-maxminddb / rust-protobuf / etc (2025-41d833fe83)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-41d833fe83 advisory. - Update mirrorlist-server to version 3.0.8. - Update the maxminddb crate to version 0.26.0. - Update the protobuf and protobuf-codegen crates to version...

CVSS 5.9, AI score 5.5, EPSS 0.00175
Exploits: 0, References: 2

RedhatCVE
added 2025/09/29 4:58 p.m., 1 view

CVE-2025-10954

Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range". Mitigatio...

CVSS 6.9, AI score 6.4, EPSS 0.00138
Exploits: 1, References: 2

OSV
added 2025/09/29 12:8 a.m., 3 views

OSV-2025-793 Heap-use-after-free in parse_from_header

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=447719691 Crash type: Heap-use-after-free READ 8 Crash state: parse_from_header fuzz_parse_msg.c parse_headers...

AI score 7
Exploits: 0, References: 1

Tenable Nessus
added 2025/09/29 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-10824

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in axboe fio up to 3.41. This impacts the function parse_jobs_ini of the file init.c. Executing manipulation can lead to use after...

CVSS 5.3, AI score 5.6, EPSS 0.00024
Exploits: 0, References: 3

AlpineLinux
added 2025/09/27 11:15 p.m., 2 views

CVE-2025-11082

A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be use...

CVSS 7.8, AI score 6.6, EPSS 0.00024
Exploits: 1, References: 8

Snyk
added 2025/09/27 10:45 p.m., 2 views

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the _bfd_elf_parse_eh_frame function. An attacker can execute arbitrary code or cause a denial of service by providing specially crafted input to the process. Remediation: A fix was pushed into the master branch...

CVSS 5.3, AI score 7.8, EPSS 0.00024
Exploits: 1, References: 2

Debian CVE
added 2025/09/27 10:32 p.m., 3 views

CVE-2025-11082

A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be use...

CVSS 7.8, AI score 6.2, EPSS 0.00024
Exploits: 1

OSV
added 2025/09/27 6:30 a.m., 1 view

GHSA-FMJH-F678-CV3X github.com/nyaruka/phonenumbers Vulnerable to Improper Validation of Syntactic Correctness of Input

Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range"...

CVSS 6.9, AI score 6.9, EPSS 0.00138
Exploits: 1, References: 5

Github Security Blog
added 2025/09/27 6:30 a.m., 4 views

github.com/nyaruka/phonenumbers Vulnerable to Improper Validation of Syntactic Correctness of Input

Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range"...

CVSS 7.5, AI score 6.9, EPSS 0.00138
Exploits: 1, References: 5, Affected Software: 1