6914 matches found

Tenable Nessus
added 2025/08/24 12:0 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2018-15671

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P_get_cb in H5Pint.c during an attempted...

CVSS 6.5, AI score 6.2, EPSS 0.00433
Exploits: 1, References: 3
Tenable Nessus
added 2025/08/24 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2014-8625

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service...

CVSS 6.8, AI score 6, EPSS 0.02462
Exploits: 1, References: 2
NVD
added 2025/08/22 4:15 p.m., 3 views

CVE-2025-38660

In the Linux kernel, the following vulnerability has been resolved: ceph: parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem is, kstrtou64() is not the only thing...

CVSS 5.5, EPSS 0.00024
Exploits: 0, References: 4
OSV
added 2025/08/22 4:15 p.m., 3 views

AZL-66584 CVE-2025-38660 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: ceph: parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem is, kstrtou64() is not the only thing...

CVSS 5.5, AI score 5.6, EPSS 0.00024
Exploits: 0, References: 1
OSV
added 2025/08/22 4:15 p.m., 2 views

UBUNTU-CVE-2025-38660

In the Linux kernel, the following vulnerability has been resolved: ceph: parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem is, kstrtou64() is not the only thing...

CVSS 5.5, AI score 5.9, EPSS 0.00024
Exploits: 0, References: 29
CVE
added 2025/08/22 4:1 p.m., 30 views

CVE-2025-38660

CVE-2025-38660 affects the Linux kernel code path used when handling Ceph-related long names. The issue stems from parse_longname() using strrchr() without a guaranteed NUL-terminated string, which motivated building a NUL-terminated copy via kmemdup_nul() to prepare input for kstrtou64(). The pr...

CVSS 5.5, AI score 6.5, EPSS 0.00024
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2025/08/22 4:1 p.m., 4 views

CVE-2025-38660 [ceph] parse_longname(): strrchr() expects NUL-terminated string

In the Linux kernel, the following vulnerability has been resolved: ceph: parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem is, kstrtou64() is not the only thing...

CVSS 5.5, AI score 6.1, EPSS 0.00024
Exploits: 0, References: 7
Cvelist
added 2025/08/22 4:1 p.m., 4 views

CVE-2025-38660 [ceph] parse_longname(): strrchr() expects NUL-terminated string

In the Linux kernel, the following vulnerability has been resolved: ceph: parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem is, kstrtou64() is not the only thing...

EPSS 0.00024
Exploits: 0, References: 4
Debian CVE
added 2025/08/22 4:1 p.m., 4 views

CVE-2025-38660

In the Linux kernel, the following vulnerability has been resolved: ceph: parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem is, kstrtou64() is not the only thing...

CVSS 5.5, AI score 5.3, EPSS 0.00024
Exploits: 0
CVE
added 2025/08/22 4:0 p.m., 20 views

CVE-2025-38655

The CVE-2025-38655 issue in the Linux kernel affects pinctrl for canaan: k230 where the group parser retrieved the device-tree property "pinmux" without validating the of_get_property() return. The root cause is a missing NULL check, leading to a potential NULL pointer dereference if the property...

CVSS 5.5, AI score 6.5, EPSS 0.00018
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2025/08/22 1:1 p.m., 4 views

CVE-2025-38616 tls: handle data disappearing from under the TLS ULP

In the Linux kernel, the following vulnerability has been resolved: tls: handle data disappearing from under the TLS ULP. TLS expects that it owns the receive queue of the TCP socket. This cannot be guaranteed in case the reader of the TCP socket entered before the TLS ULP was installed, or uses...

CVSS 7.1, AI score 5.9, EPSS 0.0001
Exploits: 0, References: 8
Tenable Nessus
added 2025/08/22 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-47183

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to...

CVSS 6.6, AI score 5.6, EPSS 0.00063
Exploits: 1, References: 4
Redos
added 2025/08/22 12:0 a.m., 6 views

ROS-20250822-08

Vulnerability of parse.ParseUnverified function of golang-jwt web token library of Go programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acting remotely...

CVSS 7.5, AI score 6.4, EPSS 0.00083
Exploits: 0
Tenable Nessus
added 2025/08/22 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-47806

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash. CVE-2025-47806...

CVSS 5.6, AI score 7.7, EPSS 0.00375
Exploits: 1, References: 2
Redos
added 2025/08/22 12:0 a.m., 7 views

ROS-20250822-07

Vulnerability of parse.ParseUnverified function of golang-jwt web token library of Go programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acting remotely...

CVSS 7.5, AI score 6.4, EPSS 0.00083
Exploits: 0
SUSE CVE
added 2025/08/21 11:22 p.m., 1 view

SUSE CVE-2025-50946

OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go...

CVSS 6.5, AI score 7.4, EPSS 0.05697
Exploits: 2, References: 2
Tenable Nessus
added 2025/08/21 12:0 a.m., 4 views

TencentOS Server 4: mod_security (TSSA-2025:0553)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0553 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 6.5, AI score 8.1, EPSS 0.00235
Exploits: 0, References: 2
Hacker One
added 2025/08/20 7:46 a.m., 22 views

curl: Curl parse_connect_to_string Heap-Overread Leading to Denial of Service via CURLOPT_CONNECT_TO

Summary: A heap-buffer-overread occurs in Curl's parse_connect_to_string function when using the CURLOPT_CONNECT_TO option with crafted input. This can lead to a segmentation fault and crash of the application, resulting in a denial-of-service. The issue is triggered by malformed host strings containi...

AI score 7.5
Exploits: 0
Tenable Nessus
added 2025/08/20 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-50012

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - powerpc/64: Init jump labels before parse_early_param. On 64-bit, calling jump_label_init in setup_feature_keys is too late because static keys may be used in...

CVSS 5.5, AI score 6.4, EPSS 0.00042
Exploits: 0, References: 3
Tenable Nessus
added 2025/08/20 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-52891

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML ta...

CVSS 6.5, AI score 7.1, EPSS 0.00235
Exploits: 0, References: 2