Security update for busybox

This update for busybox fixes the following issues: CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580. CVE-2023-42364: use-after-free in the awk.c evaluate function bsc1217584. CVE-2023-42365: use-after-free in the awk.c copyvar function bsc1217585...

SUSE-SU-2026:0892-1 Security update for busybox

This update for busybox fixes the following issues: - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580. - CVE-2023-42364: use-after-free in the awk.c evaluate function bsc1217584. - CVE-2023-42365: use-after-free in the awk.c copyvar function...

Security update for busybox

This update for busybox fixes the following issues: CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580. CVE-2023-42364: use-after-free in the awk.c evaluate function bsc1217584. CVE-2023-42365: use-after-free in the awk.c copyvar function bsc1217585...

PT-2026-29137

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.24.2 Description FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a heap buffer overflow exists in the resize vbar entry function located in libfreerdp/codec/clear.c...

PT-2026-29140

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.24.2 Description FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an issue exists in the persistent cache read entry v3 function within libfreerdp/cache/persistent.c...

PT-2026-29139

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.24.2 Description FreeRDP is a free implementation of the Remote Desktop Protocol. In versions prior to 3.24.2, the yuv ensure buffer function within libfreerdp/codec/h264.c updates h264-width and h264-height before...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992515)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992515 advisory. In the Linux kernel, the following vulnerability has been resolved: recordmcount: Fix memory leaks in the uwrite function Common realloc mistake: 'fileappend' nulled...

CVE-2022-50622

The CVE-2022-50622 entry relates to the Linux kernel, where ext4 fixes a potential memory leak in ext4_fc_record_modified_inode(). The issue occurs because krealloc may return NULL, leaving state->fc_modified_inodes NULL but not freeing the previously allocated memory, causing a leak. A patch ...

CVE-2025-13397

A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbcrawrealloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is...

CVE-2025-13397

A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbcrawrealloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is...

CVE-2025-13397 mrubyc alloc.c mrbc_raw_realloc null pointer dereference

A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbcrawrealloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is...

CVE-2025-13397

CVE-2025-13397 affects mrubyc up to version 3.4, specifically the mrbc_raw_realloc function in src/alloc.c. The issue stems from manipulating the argument ptr, causing a null pointer dereference. The advisory notes a local attack vector and points to a patch identified as 009111904807b8567262036b...

CVE-2025-13397 mrubyc alloc.c mrbc_raw_realloc null pointer dereference

A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbcrawrealloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is...

null pointer dereference vulnerability in mrubyc 3.4

A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbcrawrealloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is...

PT-2025-47462

A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbc raw realloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is...

mruby/c 代码问题漏洞

mruby/c is a C language library in the ITOC mruby/c team.open source. A code issue vulnerability exists in mruby/c version 3.4 and earlier, which stems from improper manipulation of the parameter ptr to function mrbcrawrealloc in file src/alloc.c, which may result in a null pointer dereference...

Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2021-45960)

In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot fo...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990759)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990759 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: krealloc: Fix MTE false alarm in dokrealloc This patch addresses an issue introduced by commi...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989226)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989226 advisory. In the Linux kernel, the following vulnerability has been resolved: regmap: Fix possible double-free in regcacherbtreeexit In regcacherbtreeinserttoblock, when...

CLSA-2025-1761844489 Fix of 9 CVEs

SECURITY UPDATE: multiple vulnerabilities in AWK implementation - debian/patches/CVE-2021-423xx-awk.patch: fix issues with argument parsing, delete statement validation, length parsing, post-increment/decrement on literals, expression handling, regex splitting, use-after-realloc, and maxfields...