security vulnerability

CVE-2023-7192 is a memory-management bug in the Linux kernel’s netfilter conntrack netlink path that can leak references and eventually cause a denial-of-service (DoS) condition; the flaw lives in ctnetlink_create_conntrack (net/netfilter/nf_conntrack_netlink.c) and can be triggered by a local...

A subtle corruption in a DWARF5 line-table header can still bring a debugging toolchain to its knees: CVE-2020-28163 is a null-pointer dereference in libdwarf’s dwarf_print_lines.c that allows a crafted DWARF5 line-table header with an invalid FORM for a pathname to crash applications that...

libdwarf — the small, unassuming library that reads DWARF debug data — contains a parsing defect tracked as CVE‑2020‑27545 that, in releases prior to 20201017, can be induced by a crafted object to perform a one‑byte out‑of‑bounds read via an invalid pointer dereference in a malformed line...

A high-severity remote-code-execution flaw in the widely used Python packaging library pypa/setuptools — tracked as CVE-2024-6345 — lets attackers turn crafted package URLs into arbitrary command execution on affected systems; the bug affects setuptools versions up to 69.1.1 and was corrected in...

The Rust linear-algebra crate nalgebra contained a deserialization bug that could let crafted input violate a core size invariant, producing out‑of‑bounds memory access and potentially causing memory corruption, crashes, and denial of service in any application that deserializes untrusted data...

The Linux kernel received a targeted fix addressing a subtle but real Time‑of‑Check to Time‑of‑Use (TOCTOU) race in the hwmon driver ftsteutates: the fts_read() path could read a shared fan source index twice without synchronization, opening a narrow window where a concurrent update changes the...

A deep, quietly dangerous integer‑overflow in the C layer of the popular Ruby JSON binding yajl‑ruby can turn very large JSON inputs into heap corruption and sustained process outages — operators should treat CVE‑2022‑24795 as a practical availability threat on 32‑bit builds and patch...

A subtle locking change in the Linux kernel’s MHI PCI host driver — tracked as CVE-2025-21951 — patched a deadlock that could cause a full loss of availability during device recovery or system power-management transitions, and operators should treat it as a real operational risk for systems that...

libxml2 contained a subtle but real use‑after‑free in its tree manipulation code that was assigned CVE‑2023‑45322 — a bug that only triggers after a specific memory allocation fails, but which nevertheless exposes real availability and stability risks for any software that embeds the library...

A subtle bug in libcurl’s handle-duplication logic can let an attacker plant cookies into a running process under a narrow set of conditions — a reliability bug that turned into a security issue and was assigned CVE‑2023‑38546. The flaw is small in scope, rated low severity by the curl project...

A subtle mistake in the Linux USB driver stack has been quietly corrected — and the fix exposes a classic kernel problem: an erroneous decrement of a platform device reference count in the DesignWare Core USB3 (dwc3) ST driver that can lead to use‑after‑free and service loss. The vulnerability...

A recently disclosed vulnerability in the Linux kernel’s AMD DRM power-management code — tracked as CVE-2025-37769 — allows a carefully crafted input to trigger a division-by-zero inside the SMU11 power-management path, causing kernel crashes and sustained denial-of-service on affected systems...

A subtle bug in Go’s standard library quietly opened a door for denial-of-service attacks: malformed ZIP entries could cause archive/zip’s Reader.Open to panic, crashing programs that relied on the io/fs.FS integration introduced in Go 1.16. The issue, tracked as CVE-2021-41772 (GO-2021-0264)...

The zlib compression library was assigned CVE‑2016‑9841 for a flaw in inffast.c that arose from an old pointer‑increment optimization which, under modern compilers and in certain runtime contexts, could invoke undefined behavior and allow context‑dependent attackers to cause serious impact —...