CVE-2025-38691

In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix uninited ptr deref in block/scsi layout The error occurs on the third attempt to encode extents. When function exttreepreparecommit reallocates a larger buffer to retry encoding extents, the "layoutupdatepages" page arr...

AZL-66800 CVE-2025-38691 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix uninited ptr deref in block/scsi layout The error occurs on the third attempt to encode extents. When function exttreepreparecommit reallocates a larger buffer to retry encoding extents, the "layoutupdatepages" page arr...

CVE-2025-38691

Technical details about CVE-2025-38691 are not publicly provided in the supplied connected documents. Monitor vendor advisories (Debian, Mageia, Amazon Linux) for patches and mitigations and update accordingly.

CVE-2025-38691 pNFS: Fix uninited ptr deref in block/scsi layout

In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix uninited ptr deref in block/scsi layout The error occurs on the third attempt to encode extents. When function exttreepreparecommit reallocates a larger buffer to retry encoding extents, the "layoutupdatepages" page arr...

CVE-2025-38691 pNFS: Fix uninited ptr deref in block/scsi layout

In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix uninited ptr deref in block/scsi layout The error occurs on the third attempt to encode extents. When function exttreepreparecommit reallocates a larger buffer to retry encoding extents, the "layoutupdatepages" page arr...

CVE-2025-41058

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/rowmanager...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper validation of user input in the dataAddonlayouts and dataAddonlayoutsexcept parameters within the /apprain/developer/addons/update/cycle process. An attacker can execute arbitrary scripts in the...

CVE-2025-41061

appRain CMF 4.0.5 contains a stored authenticated XSS vulnerability in the /apprain/developer/addons/update/uploadify endpoint, caused by insufficient validation of user input in data[Addon][layouts] and data[Addon][layouts_except]. Public descriptions from CNVD/CNNVD and SNYK corroborate that th...

CVE-2025-41049 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/appform...

NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN

...

PT-2025-35930

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...

Jump over ASLR - Branch Predictors

This project demonstrates applied research in C that illustrates concepts related to branch predictors, speculative execution, and cache-based side channels in the context of Address Space Layout Randomization ASLR...

Linux Distros Unpatched Vulnerability : CVE-2025-54812

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HT...

Exploit for Out-of-bounds Write in Apple Macos

CVE-2025-31200: CoreAudio APAC Channel Remapping Buffer Overfl...

Apache Log4cxx Cross-Site Scripting Vulnerability

Apache Log4cxx is the United States Apache Apache Foundation of a C + + logging framework patterned on Apache log4j . A cross-site scripting vulnerability exists in Apache Log4cxx versions prior to 1.5.0, which stems from HTMLLayout not properly escaping logger names, and can be exploited by an...

CVE-2025-54812

A flaw was found in log4cxx. When using HTMLLayout, logger names are not properly escaped. This vulnerability allows an attacker to provide untrusted data as a logger name to inject arbitrary HTML content into log output files. This issue can lead to cross-site scripting vulnerabilities if the HT...

CVE-2025-54813

A flaw was found in apache-log4cxx. When utilizing JSONLayout, the component fails to properly escape certain payload bytes, allowing attacker-supplied messages containing specific non-printable characters to be passed through unescaped. This allows an attacker to inject arbitrary data into log...

Improper Output Neutralization for Logs

Overview Affected versions of this package are vulnerable to Improper Output Neutralization for Logs in the HTMLLayout class. An attacker can execute arbitrary HTML or JavaScript code by injecting malicious content into the logger name, which is then written to the HTML log file and subsequently...

CVE-2025-54813

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON...

CVE-2025-54812

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or Javascript in order t...