SUSE CVE-2025-21742

In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: use static NDP16 location in URB Original code allowed for the start of NDP16 to be anywhere within the URB based on the wNdpIndex value in NTH16. Only the start position of NDP16 was checked, so it was possible f...

CVE-2022-49674

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load using raidctr, dm-raid allocates an array rs-devsrs-raiddisks for the raid device members. rs-raiddisks is defined by the number of raid metadata and ima...

UBUNTU-CVE-2022-49674

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load using raidctr, dm-raid allocates an array rs-devsrs-raiddisks for the raid device members. rs-raiddisks is defined by the number of raid metadata and ima...

CVE-2022-49674

The CVE-2022-49674 issue is a Linux kernel vulnerability in dm-raid where an array (rs->devs) could be accessed beyond its end when the raid_disks-derived count differed from metadata-driven counts during RAID layout changes. The root cause is using rs->raid_disks for iteration instead of t...

CVE-2022-49674 dm raid: fix accesses beyond end of raid member array

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load using raidctr, dm-raid allocates an array rs-devsrs-raiddisks for the raid device members. rs-raiddisks is defined by the number of raid metadata and ima...

CVE-2022-49674 dm raid: fix accesses beyond end of raid member array

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load using raidctr, dm-raid allocates an array rs-devsrs-raiddisks for the raid device members. rs-raiddisks is defined by the number of raid metadata and ima...

CVE-2022-49316

CVE-2022-49316 affects the Linux kernel’s NFSv4 layout management. The issue arises when performing layoutget as part of an open() compound: locks for the layoutget are held across multiple RPC calls, which can trigger recalls and deadlock. The connected advisories (EulerOS/Unity/Nessus OSS) conf...

Using Valgrind on Chrome

Brief script that demonstrates running valgrind and afl-fuzz on Google Chrome. This favorite code for security auditing and memory leak detection with Valgrind runs the Valgrind tool and several other tools to check for memory leaks, which can lead to resource buffer overflows and more. Exploit /...

Malicious code in tenable-universal-layout (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a06fb3037f4c830e070f05524b0e4d6e3cb5adec2e77bc06f20ee92a42742689 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1380 Malicious code in tenable-universal-layout (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a06fb3037f4c830e070f05524b0e4d6e3cb5adec2e77bc06f20ee92a42742689 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-21124

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in...

Astra Linux – Vulnerability in hdf5

The HDF5 library from version 1.14.3 has a heap-based buffer overflow issue in the H5Olayoutencode function within H5Olayout.c, which leads to the corruption of the instruction pointer...

Astra Linux – Vulnerability in hdf5

A buffer overflow in H5Olayoutencode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service through a crafted HDF5 file. This issue was triggered during the repacking of an HDF5 file, also known as “Invalid write of size 2.”...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: x86: stopped the use of stack-based calculations in the profilepc function. The profilepc function is used for timer-based profiling, which isn’t really that relevant anymore. It also makes assumptions about the stack layout that...

CVE-2025-22701

Server-Side Request Forgery SSRF vulnerability in shinetheme Traveler Layout Essential For Elementor traveler-layout-essential-for-elementor.This issue affects Traveler Layout Essential For Elementor: from n/a through 1.4...

CVE-2022-24822

Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74,...

CVE-2020-26295

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 an...

Malicious code in effect-layout-function (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-1216 Malicious code in effect-layout-function (npm)

The package communicates with a domain associated with malicious activity...

CVE-2025-22701

Server-Side Request Forgery SSRF vulnerability in shinetheme Traveler Layout Essential For Elementor traveler-layout-essential-for-elementor.This issue affects Traveler Layout Essential For Elementor: from n/a through 1.4...