10814 matches found
EUVD-2025-13092
Malicious code in bioql PyPI...
RLSA-2025:13598 Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: The kernel packages...
SUSE CVE-2023-53485
In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:1965:6 index -84 is out of range for type 's8[341]' aka 'signed char[341]'...
CVE-2023-53485
CVE-2023-53485 affects the Linux kernel JFS code path. The UBSAN out-of-bounds access in fs/jfs/jfs_dmap.c:1965 was triggered when dbAllocDmapLev accessed dp->tree.stree[leafidx + LEAFIND] with a negative leafidx. The patch adds a guard in dbAllocDmapLev to return an I/O error if leafidx is ne...
CVE-2023-53485 fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:1965:6 index -84 is out of range for type 's8[341]' aka 'signed char[341]'...
CVE-2023-53484 lib: cpu_rmap: Avoid use after free on rmap->obj array entries
In the Linux kernel, the following vulnerability has been resolved: lib: cpu_rmap: Avoid use after free on rmap->obj array entries When calling irq_set_affinity_notifier with NULL at the notify argument, it will cause freeing of the glue pointer in the corresponding array entry but will leave the...
CVE-2025-39919 wifi: mt76: mt7996: add missing check for rx wcid entries
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: add missing check for rx wcid entries Non-station wcid entries must not be passed to the rx functions. In case of the global wcid entry, it could even lead to corruption in the wcid array due to pointer being...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an uninitialized chanstats array, which could lead to information disclosure...
Argo CD security vulnerability
Argo CD is an Argo open source declarative GitOps continuous delivery tool for Kubernetes. A security vulnerability exists in Argo CD that stems from not checking the length of JSON arrays, which could lead to a denial-of-service attack. The following versions are affected: versions 2.9.0-rc1...
ROS-20251001-08
Vulnerability of cJSON parser is related to boundary conditions in decode_array_index_from_pointer function in cJSON_Utils.c. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to potentially sensitive information...
Advisory ROSA-SA-2025-3021
software: cjson 1.7.19 AXIS: ROSA-CHROME unaffected versions = cjson-1.7.19-1 affected versions cjson-1.7.19-1 CVE-ID: CVE-2025-57052 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: Vulnerability in cJSON 1.5.0-1.7.18: allows a remote attacker to perform array escaping via decode_array_index_from_pointer...
Linux Distros Unpatched Vulnerability : CVE-2025-39778
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show The csts_state_names arra...
Important: kernel6.12
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: fix NULL pointer dereference in l3mdev_l3_rcv CVE-2025-22103 In the Linux kernel, the following vulnerability has been resolved: ext4: avoid journaling sb update on error if journal is destroying CVE-2025-22113...
CVE-2025-57328
toggle-array is a package designed to enable a property on the object at the specified index, while disabling the property on all other objects. A Prototype Pollution vulnerability in the enable and disable functions of toggle-array v1.0.1 and before allows attackers to inject properties on...
PT-2025-39684
🔴 https://t.co/GlL5deDG8n toggle-array Prototype Pollution Vulnerability CVE-2025-42505 Low Severity...
CLSA-2025-1758823373 libtiff: Fix of 2 CVEs
CVE-2025-8176: fix use after free vulnerability in get_histogram function that prevents proper scanline reading and processing in tools/tiffmedian.c - CVE-2025-8177: fix array overflow in thumbnail generation that could cause buffer overflow when processing malformed TIFF files in tools/thumbnail....
Gitlab -- Vulnerabilities
Gitlab reports: Denial of Service issue when uploading specifically crafted JSON files impacts GitLab CE/EE; Denial of Service issue bypassing query complexity limits impacts GitLab CE/EE; Information disclosure issue in virtual registry configuration for low privileged users impacts GitLab CE/EE...
CVE-2025-54520
Improper Protection Against Voltage and Clock Glitches in FPGA devices could allow an attacker with physical access to undervolt the platform, resulting in a loss of confidentiality...
4d-oled (>=1.0.0 <=1.0.2), @abb92/holidates (>=1.0.0 <=1.0.1) +974 more potentially affected by CVE-2025-57328 via toggle-array (>=0.1.0 <=1.0.1)
toggle-array NPM version =0.1.0, =1.0.0, =1.0.0, =5.0.0, =4.0.2, =0.0.0-snapshot-ZERO-3343-20250425065225, =0.8.1-beta.2, =0.1.0, =0.1.1-a, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.11.0 and more Source cves: CVE-2025-57328 Source advisory: SNYK:JS-TOGGLEARRAY-13110016...