Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: We’ve fixed our handling of the situation where refs == 0 in the snapshot delete operation. In reada, there’s a bug where refs == 0 can occur. This could be problematic because we don’t hold a lock on the extent leaf, a...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: jfs: added a check to prevent array-index-out-of-bounds in dbAdjTree. When the value of lp is 0 at the beginning of the for loop, it will become negative during the next assignment, and we should take appropriate measures to avoi...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: - In the net:sched section, there is a fix for the order of qlen adjustment. - Changes to sch->q.qlen related to qdisc_tree_reduce_backlog need to occur before a call to that function. Otherwise, it may fail to notify the parent...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: maple_tree: correct tree corruption on spanning store Patch series “maple_tree: correct tree corruption on spanning store”, v3. There has been a subtle bug in the maple tree implementation that seems to exist since the inception of...
Azure Linux 3.0 Security Update: kernel (CVE-2024-46840)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46840 advisory. - In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == ...
CLSA-2025-1738853271 Fix of 54 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-26595 - mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path CVE-url: https://ubuntu.com/security/CVE-2024-38553/CVE-2024-38597 - netpoll: make ndo_poll_controller optional - bonding: use netpoll_poll_dev helper - netpoll: do not test...
CVE-2025-22499
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FAKTOR VIER F4 Post Tree f4-tree allows Reflected XSS. This issue affects F4 Post Tree: from n/a through = 1.1.18...
CVE-2025-22593
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in burria Laika Pedigree Tree laika-pedigree-tree allows Stored XSS. This issue affects Laika Pedigree Tree: from n/a through = 1.4...
CVE-2024-54331
Cross-Site Request Forgery (CSRF) vulnerability in Micha I Plant A Tree i-plant-a-tree allows Stored XSS. This issue affects I Plant A Tree: from n/a through = 1.7.3...
CVE-2024-35186
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
MAL-2025-1237 Malicious code in x-tree-view (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61b6ca0784ee478a2ed8461e3bf79ca722ead00764ed795cbda13b255488f3f6 Any computer that has this package installed or running should be considered...
Malicious code in x-tree-view (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61b6ca0784ee478a2ed8461e3bf79ca722ead00764ed795cbda13b255488f3f6 Any computer that has this package installed or running should be considered...
Malicious code in tree-sitter-sqlite (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6171aef6bf33d3a77ea0523c0609d12e396a579ce197757f9ac020689a6c2363 Any computer that has this package installed or running should be considered...
MAL-2025-1234 Malicious code in tree-sitter-sqlite (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6171aef6bf33d3a77ea0523c0609d12e396a579ce197757f9ac020689a6c2363 Any computer that has this package installed or running should be considered...
Malicious code in tree-sitter-hcl (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 895fc4f8ca15729033448c2a72536b4599d5bfb9fa83bf42bec01c2e4e4fae88 Any computer that has this package installed or running should be considered...
MAL-2025-622 Malicious code in tree-sitter-hcl (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 895fc4f8ca15729033448c2a72536b4599d5bfb9fa83bf42bec01c2e4e4fae88 Any computer that has this package installed or running should be considered...
PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio'
...
arm64: dts: imx8ulp: correct the flexspi compatible string
...
DEBIAN-CVE-2025-24368
Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter function from lib/api_automation.php, resulting in SQL injection. This vulnerability ...
UBUNTU-CVE-2025-24368
Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter function from lib/api_automation.php, resulting in SQL injection. This vulnerability ...