MAL-2025-22664 Malicious code in hot-air-thread-minify-assert (npm)

The package hot-air-thread-minify-assert was found to contain malicious code...

Malicious code in xi-shell-zeta-assert-encode (npm)

The package xi-shell-zeta-assert-encode was found to contain malicious code...

MAL-2025-22252 Malicious code in hash-query-string-assert-catch (npm)

The package hash-query-string-assert-catch was found to contain malicious code...

MAL-2025-14939 Malicious code in assert-new-compress-mu-key (npm)

The package assert-new-compress-mu-key was found to contain malicious code...

CVE-2025-1394

The Ember ZNet stack’s packet buffer manager may read out of bound memory leading to an assert, causing a Denial of Service DoS...

RockyLinux 8 : glibc (RLSA-2025:3828)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:3828 advisory. glibc: buffer overflow in the GNU C Library's assert CVE-2025-0395 Tenable has extracted the preceding description block directly from the RockyLinux security...

CVE-2025-38461

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

UBUNTU-CVE-2025-38461

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release

...

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.

...

CVE-2025-38287

CVE-2025-38287 affects the Linux kernel InfiniBand subsystem (IB_cm). The issue occurs when freeing old cm_priv_msg via cm_free_priv_msg() after cm_id has advanced, where a lock held assertion and WARN triggers due to reuse of the cm_id lock. This could allow a local attacker to trigger a denial ...

CVE-2025-38287 IB/cm: Drop lockdep assert and WARN when freeing old msg

In the Linux kernel, the following vulnerability has been resolved: IB/cm: Drop lockdep assert and WARN when freeing old msg The send completion handler can run after cmid has advanced to another message. The cmid lock is not needed in this case, but a recent change re-used cmfreeprivmsg, which...

GNU Glibc Vulnerable to Memory Corruption via Heap Buffer Overflow during 'assert()' Failure (CVE-2025-0395)

GNU Glibc contains a memory corruption vulnerability that overflows the heap buffer by one or several bytes. The corruption occurs when the assert function fails under specific conditions. Heap buffer overflows are known to result in severe damage to the program's confidentiality, integrity, and...

CVE-2022-50148

Consolidated details indicate CVE-2022-50148 is a Linux kernel issue affecting kernfs: __kernfs_remove may dereference NULL if lockdep is enabled, due to a dereference before checking kn (as noted in fs/kernfs/dir.c:1353). The vulnerability is mitigated by upstream fixes in kernel commits (e.g., ...

MAL-2025-4817 Malicious code in boost-static-assert (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e5ea6d07c816f16b0ce7ce7e7b952fa013034be54604e072cd3c500d9cc75e48 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in boost-static-assert (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e5ea6d07c816f16b0ce7ce7e7b952fa013034be54604e072cd3c500d9cc75e48 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-6352

A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead to an assert...

CVE-2025-37897

In the Linux kernel, the following vulnerability has been resolved: wifi: plfxlc: Remove erroneous assert in plfxlcmacrelease plfxlcmacrelease asserts that mac-lock is held. This assertion is incorrect, because even if it was possible, it would not be the valid behaviour. The function is used whe...

CVE-2025-37897 wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release

In the Linux kernel, the following vulnerability has been resolved: wifi: plfxlc: Remove erroneous assert in plfxlcmacrelease plfxlcmacrelease asserts that mac-lock is held. This assertion is incorrect, because even if it was possible, it would not be the valid behaviour. The function is used whe...

EulerOS 2.0 SP12 : glibc (EulerOS-SA-2025-1417)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message stri...