
7911 matches found

OSV
added 2025/12/24 1:6 p.m., 5 views

CVE-2022-50776 clk: st: Fix memory leak in st_of_quadfs_setup()

In the Linux kernel, the following vulnerability has been resolved: clk: st: Fix memory leak in st_of_quadfs_setup(). If st_clk_register_quadfs_pll() fails, @lock should be freed before goto @err_exit, otherwise will cause memory leak issue, fix it...

AI score: 6.4 | EPSS: 0.00243
Exploits: 0 | References: 12

OSV
added 2025/12/24 10:58 a.m., 4 views

CVE-2025-68734 isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()

In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe(). In hfcsusb_probe(), the memory allocated for ctrl_urb gets leaked when setup_instance() fails with an error code. Fix that by freeing the urb before freeing the hw structure. Also...

AI score: 6.3 | EPSS: 0.00165
Exploits: 0 | References: 11

CVE
added 2025/12/24 10:58 a.m., 16 views

CVE-2025-68734

The CVE-2025-68734 in the Linux kernel affects isdn/mISDN hfcsusb, where a memory leak in hfcsusb_probe() was fixed by freeing the allocated ctrl_urb before freeing the hw structure when setup_instance() fails, and by restructuring error paths to use a goto ladder. The issue has been acknowledged...

AI score: 6.1 | EPSS: 0.00165
Exploits: 0 | References: 8

SUSE CVE
added 2025/12/24 12:24 a.m., 2 views

SUSE CVE-2025-68338

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized ksz_irq. If something goes wrong at setup, ksz_irq_free() can be called on uninitialized ksz_irq, for example when ksz_ptp_irq_setup() fails. It leads to freeing uninitialized IRQ numbers and/or...

AI score: 6.4 | EPSS: 0.00155
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/24 12:0 a.m., 5 views

PT-2025-53114

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak exists in the init_mqueue_fs function within the message queue subsystem of the Linux kernel. The issue occurs when init_mqueue_fs fails after setup_mq_sysctls, and retire ...

AI score: 6.2 | EPSS: 0.00198
Exploits: 0 | References: 15

Positive Technologies
added 2025/12/24 12:0 a.m., 14 views

PT-2025-53221

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw in the drm/amdkfd subsystem. A kernel warning can occur during topology setup due to incorrect initialization of the p2plink attribute before creating th...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00465
Exploits: 2 | References: 840

Positive Technologies
added 2025/12/24 12:0 a.m., 12 views

PT-2025-53142

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak issue was resolved in the Linux kernel related to the st_of_quadfs_setup function. Specifically, if the st_clk_register_quadfs_pll function fails, the @lock resource was no...

CVSS: 7.8 | AI score: 6.2 | EPSS: 0.00465
Exploits: 2 | References: 898

Positive Technologies
added 2025/12/24 12:0 a.m., 5 views

PT-2025-53000

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak exists in the hfcsusb_probe function within the mISDN hfcsusb component of the Linux kernel. Specifically, memory allocated for ctrl_urb is leaked when setup_instance fails...

AI score: 6.2 | EPSS: 0.00165
Exploits: 0

Positive Technologies
added 2025/12/24 12:0 a.m., 4 views

PT-2025-53146

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a use-after-free issue within the nfqnl_nf_hook_drop function. This occurs when the ops init interface fails during net initialization, leading to an invalid...

AI score: 6.4 | EPSS: 0.0018
Exploits: 0 | References: 8

NVD
added 2025/12/23 2:16 p.m., 4 views

CVE-2025-68338

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized ksz_irq. If something goes wrong at setup, ksz_irq_free() can be called on uninitialized ksz_irq, for example when ksz_ptp_irq_setup() fails. It leads to freeing uninitialized IRQ numbers and/or...

EPSS: 0.00155
Exploits: 0 | References: 3

Cvelist
added 2025/12/23 1:58 p.m., 26 views

CVE-2025-68338 net: dsa: microchip: Don't free uninitialized ksz_irq

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized ksz_irq. If something goes wrong at setup, ksz_irq_free() can be called on uninitialized ksz_irq, for example when ksz_ptp_irq_setup() fails. It leads to freeing uninitialized IRQ numbers and/or...

EPSS: 0.00155
Exploits: 0 | References: 3

CVE
added 2025/12/23 1:58 p.m., 12 views

CVE-2025-68338

In the Linux kernel, CVE-2025-68338 concerns the dsa: microchip path where, if setup fails, ksz_irq_free() may be called on an uninitialized ksz_irq, risking freeing uninitialized IRQ numbers and/or domains. The fix implemented is to iterate only over fully initialized ports in the error path usi...

AI score: 6.1 | EPSS: 0.00155
Exploits: 0 | References: 3

OSSF Malicious Packages
added 2025/12/23 8:41 a.m., 12 views

Malicious code in lanchain-openai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4c312361541ed240dabd6df1f9cb9ed856a718dc8c8881f43bbacb429807e303 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 7.3
Exploits: 0 | References: 1

OSV
added 2025/12/23 8:41 a.m., 5 views

MAL-2025-192699 Malicious code in lanchain-openai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4c312361541ed240dabd6df1f9cb9ed856a718dc8c8881f43bbacb429807e303 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 7.2
Exploits: 0 | References: 1

EUVD
added 2025/12/23 12:30 a.m., 5 views

EUVD-2022-55751

Cobian Reflector 0.9.93 RC1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the password input field. Attackers can paste a large 8000-byte buffer into the password field to trigger an application crash during SFTP task configuration...

CVSS: 6.9 | AI score: 6.5 | EPSS: 0.00177
Exploits: 1 | References: 4

Positive Technologies
added 2025/12/23 12:0 a.m., 7 views

PT-2025-52754

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to DSA (Distributed Switch Architecture) and Microchip network devices. Specifically, the ksz_irq_free function may be called on an uninitialized...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.00378
Exploits: 6 | References: 217

Tenable Nessus
added 2025/12/23 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-68338

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: dsa: microchip: Don't free uninitialized ksz_irq. If something goes wrong at setup, ksz_irq_free() can be called on uninitialized ksz_irq, for example when...

AI score: 5.7 | EPSS: 0.00155
Exploits: 0 | References: 2

UbuntuCve
added 2025/12/23 12:0 a.m., 6 views

CVE-2025-68338

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized ksz_irq. If something goes wrong at setup, ksz_irq_free() can be called on uninitialized ksz_irq, for example when ksz_ptp_irq_setup() fails. It leads to freeing uninitialized IRQ numbers and/or...

AI score: 5.7 | EPSS: 0.00155
Exploits: 0 | References: 11

RedhatCVE
added 2025/12/19 12:41 a.m., 6 views

CVE-2025-65564

A denial-of-service vulnerability exists in the omec-upf upf-epc-pfcpiface in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory Recovery Time Stamp Information Element, the association setup handler dereferences a nil pointer...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.0036
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/19 12:41 a.m., 12 views

CVE-2025-63386

A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains t...

CVSS: 9.1 | AI score: 5.7 | EPSS: 0.00212
Exploits: 0 | References: 1