Lumingyin

**Name of the Vulnerable Software and Affected Versions** Atheme version 7.2.12 **Description** The issue is a memory leak vulnerability located in the /atheme/src/crypto-benchmark/main.c file. **Recommendations** For Atheme version 7.2.12, consider restricting access to the vulnerable file /atheme/src/crypto-benchmark/main.c to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kerberos 5 (aka krb5) version 1.21.2 **Description** The issue is related to a memory leak in the /krb5/src/kdc/ndr.c component of the Kerberos 5 implementation. This memory leak vulnerability can be exploited by a remote attacker to cause a denial of service. **Recommendations** For Kerberos 5 (aka krb5) version 1.21.2, consider restricting access to the vulnerable component /krb5/src/kdc/ndr.c to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openNDS version 10.2.0 **Description** The issue is related to a Use-After-Free condition via the /openNDS/src/auth.c file. **Recommendations** For openNDS version 10.2.0, consider disabling the authentication functionality temporarily until a patch is available. Restrict access to the /openNDS/src/auth.c file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** nanomq version 0.21.2 **Description** The issue is a Use-After-Free vulnerability located in /nanomq/nng/src/core/socket.c. **Recommendations** For nanomq version 0.21.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kerberos 5 (aka krb5) version 1.21.2 **Description** The issue is related to a memory leak in the /krb5/src/lib/gssapi/krb5/k5sealv3.c component of the Kerberos 5 implementation. This memory leak vulnerability can be exploited by a remote attacker to cause a denial of service. **Recommendations** For Kerberos 5 (aka krb5) version 1.21.2, consider restricting access to the vulnerable component /krb5/src/lib/gssapi/krb5/k5sealv3.c to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kerberos 5 (aka krb5) version 1.21.2 **Description** The issue is related to a memory leak in the implementation of the Kerberos network protocol, specifically in the /krb5/src/lib/rpc/pmap rmt.c component. This can be exploited by a remote attacker to cause a denial of service. **Recommendations** For Kerberos 5 (aka krb5) version 1.21.2, consider restricting access to the `pmap rmt.c` component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.