SUSE CVE-2026-35195

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings between components contains a bug where the return value of a guest component's realloc is not validated before the host attempts to write through the pointer. This...

CVE-2026-35195

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings between components contains a bug where the return value of a guest component's realloc is not validated before the host attempts to write through the pointer. This...

UBUNTU-CVE-2026-35195

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings between components contains a bug where the return value of a guest component's realloc is not validated before the host attempts to write through the pointer. This...

SUSE CVE-2026-33987

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistentcachereadentryv3 in libfreerdp/cache/persistent.c, persistent-bmpSize is updated before winpralignedrecalloc. If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This...

EUVD-2026-17235

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistentcachereadentryv3 in libfreerdp/cache/persistent.c, persistent-bmpSize is updated before winpralignedrecalloc. If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992515)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992515 advisory. In the Linux kernel, the following vulnerability has been resolved: recordmcount: Fix memory leaks in the uwrite function Common realloc mistake: 'fileappend' nulled...

Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2021-45960)

In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot fo...

Linux Distros Unpatched Vulnerability : CVE-2025-2925

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MMrealloc of the file src/H5MM.c. T...

Linux Distros Unpatched Vulnerability : CVE-2024-38585

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tools/nolibc/stdlib: fix memory error in realloc Pass userplen to memcpy instead of heap-len...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an issue introduced in dokrealloc that causes the MTE to incorrectly report a slab-out-of-bounds error...

OESA-2024-1815 mozjs78 security update

Security Fixes: In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory.CVE-2021-45960 xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain...

UBUNTU-CVE-2024-38585

In the Linux kernel, the following vulnerability has been resolved: tools/nolibc/stdlib: fix memory error in realloc Pass userplen to memcpy instead of heap-len to prevent realloc from copying an extra sizeofheap bytes from beyond the allocated region...

SUSE CVE-2023-37573

Multiple use-after-free vulnerabilities exist in the VCD getvartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the...

SUSE CVE-2016-10011

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...

SUSE CVE-2019-19344

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc while other local variables still point at the original buffer...

curl: double free due to subsequent call of realloc()

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3...

UBUNTU-CVE-2019-20202

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxmlcharcontent tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault...

UBUNTU-CVE-2016-10011

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...

[slackware-security] gnupg2

New gnupg2 packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/gnupg2-2.0.14-i486-3slack13.1.txz: Rebuilt. Patched to fix "Realloc Bug with X.509 certificates in GnuPG". F...