Malicious Package

Overview json-map-source is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2025-192321 Malicious code in json-map-source (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dd2d0607d185e9c26b9f948e2335066b6e537f3f192794f59fdf55548300006 The package json-map-source was found to contain malicious code. Source: ghsa-malware 3c10e01cd8946f23f63e8eb210a0de73503e9815cf616aee78f18c96c4fe2ef...

cacheinfo: Fix shared_cpu_map to handle shared caches at different levels

...

PT-2025-49280

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in the map list UI without HTML sanitzation. An...

AlmaLinux 10 : buildah (ALSA-2025:22012)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:22012 advisory. runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-52881 golang: archive/tar: Unbounded...

AlmaLinux 8 : go-toolset:rhel8 (ALSA-2025:22668)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:22668 advisory. os/exec: Unexpected paths returned from LookPath in os/exec CVE-2025-47906 golang: archive/tar: Unbounded allocation when parsing GNU sparse map...

CVE-2025-40250 net/mlx5: Clean up only new IRQ glue on request_irq() failure

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clean up only new IRQ glue on requestirq failure The mlx5irqalloc function can inadvertently free the entire rmap and end up in a crash1 when the other threads tries to access this, when requestirq fails due to exhauste...

EUVD-2025-201209

In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect if already established During connect, acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect invoking vsocktransportcancelpkt -...

CVE-2025-40245 nios2: ensure that memblock.current_limit is set when setting pfn limits

In the Linux kernel, the following vulnerability has been resolved: nios2: ensure that memblock.currentlimit is set when setting pfn limits On nios2, with CONFIGFLATMEM set, the kernel relies on memblockgetcurrentlimit to determine the limits of memmap, in particular for maxlowpfn. Unfortunately,...

UBUNTU-CVE-2025-40218

In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: do not repeat pteoffsetmaplock until success DAMON's virtual address space operation set implementation vaddr calls pteoffsetmaplock inside the page table walk callback function. This is for reading and writing pa...

EUVD-2025-201185

In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: do not repeat pteoffsetmaplock until success DAMON's virtual address space operation set implementation vaddr calls pteoffsetmaplock inside the page table walk callback function. This is for reading and writing pa...

CVE-2025-40218

In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: do not repeat pteoffsetmaplock until success DAMON's virtual address space operation set implementation vaddr calls pteoffsetmaplock inside the page table walk callback function. This is for reading and writing pa...

xorg: xmayland: Value overflow in XkbSetCompatMap()

A flaw was identified in the X.Org X server’s X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...

Moderate: Red Hat Security Advisory: xorg-x11-server security update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common...

Moderate: Red Hat Security Advisory: xorg-x11-server security update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a flaw in the pteoffsetmaplock retry logic, which could lead to an infinite loop...

RHEL 8 : xorg-x11-server (RHSA-2025:22753)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22753 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical us...

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

RHEL 9 : xorg-x11-server (RHSA-2025:22364)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22364 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical us...

RockyLinux 9 : buildah (RLSA-2025:22011)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:22011 advisory. runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-52881 golang: archive/tar: Unbounded...