CVE-2025-3154

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary...

CVE-2025-21994

CVE-2025-21994 is a Linux kernel vulnerability in the ksmbd module where validation for the num_aces field of smb_acl was incorrect. The advisory notes that parse_dcal() should verify num_aces using the actual buffer size (smb_acl->size) rather than checking against a calculation that could al...

Malicious code in @hongfangze/array (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f960dc6274e7bc128da9e089382bd14d47a6e944b250dbc6a53b2f4a17cce5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-21985 drm/amd/display: Fix out-of-bound accesses

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bound accesses WHAT & HOW hpostreamtolinkencodermapping has size MAXHPODP2ENCODERS=4, but location can have size up to 6. As a result, it is necessary to check location against MAXHPODP2ENCODERS...

PT-2025-27979

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue concerns an array-index-out-of-bounds read in the add missing indices function. Specifically, the stbl variable is of type s8 but is expected to contain offsets into a slot...

The vulnerability of the jfs_readdir() function in the fs/jfs/jfs_dtree.c module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the jfsreaddir function in the fs/jfs/jfsdtree.c module of the Linux operating system is related to unvalidated array indexing. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

Vulnerability of the start_io_acct() function in the drivers/md/dm.c module – The driver for supporting multiple devices (such as RAID and LVM) in the Linux kernel allows a hacker to trigger a service failure.

Vulnerability of the startioacct function in the drivers/md/dm.c module – The driver for supporting multiple devices such as RAID and LVM in the Linux operating system is vulnerable due to the use of a NULL pointer. Exploiting this vulnerability could allow an attacker to cause service failures...

array-init-cursor is unsound when used with types that implement `Drop`

The Drop implementation will get run twice when using the cursor. This issue does not affect you, if you are using only using the crate with types that are Copy such as u8. This issue also does not affect you, if you are only depending on it through the crate planus...

CVE-2023-52987

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-mtrace: prevent underflow in sofipc4prioritymaskdfswrite The "id" comes from the user. Change the type to unsigned to prevent an array underflow...

RHEL 8 : kernel-rt (RHSA-2025:3211)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3211 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Securi...

RHEL 8 : kernel-rt (RHSA-2025:3264)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3264 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Securi...

RHEL 9 : kernel (RHSA-2025:3128)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3128 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: arm64: cacheinfo: Avoid out-of-bounds...

RHEL 8 : kernel (RHSA-2025:3209)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3209 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: arm64: cacheinfo: Avoid out-of-bounds...

SUSE CVE-2022-49743

In the Linux kernel, the following vulnerability has been resolved: ovl: Use "buf" flexible array for memcpy destination The "buf" flexible array needs to be the memcpy destination to avoid false positive run-time warning from the recent FORTIFYSOURCE hardening: memcpy: detected field-spanning...

SUSE CVE-2023-52988

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound in addsecretdacpath sndhdagetconnections can return a negative error code. It may lead to accessing 'conn' array at a negative index. Found by Linux Verification Center...

SUSE CVE-2023-53000

In the Linux kernel, the following vulnerability has been resolved: netlink: prevent potential spectre v1 gadgets Most netlink attributes are parsed and validated from nlavalidateparse or validatenla u16 type = nlatypenla; if type == 0 || type maxtype / error or continue / @type is then used as a...

Dell Unity 安全漏洞

Dell Unity is a mid-range storage array software from Dell EMC for data storage and management. Dell Unity suffers from an OS command injection vulnerability that can be exploited by an attacker to submit a special request to delete arbitrary files...

CVE-2023-52988

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound in addsecretdacpath sndhdagetconnections can return a negative error code. It may lead to accessing 'conn' array at a negative index. Found by Linux Verification Center...

CVE-2023-52987

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-mtrace: prevent underflow in sofipc4prioritymaskdfswrite The "id" comes from the user. Change the type to unsigned to prevent an array underflow...

CVE-2022-49743

In the Linux kernel, the following vulnerability has been resolved: ovl: Use "buf" flexible array for memcpy destination The "buf" flexible array needs to be the memcpy destination to avoid false positive run-time warning from the recent FORTIFYSOURCE hardening: memcpy: detected field-spanning...