MAL-2025-2576 Malicious code in momo-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 81d74db94da3274b3d9b70e5de7f5b926c9c1af17a6d2a6b733d63a4cbacdf41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
alsa-lib bug fix and enhancement update
An update is available for alsa-lib. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.5...
onos-lib-go allows an index out-of-range panic
Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits...
onos-lib-go input validation error vulnerability
onos-lib-go is an open source library of utilities and convenience programs for developing µONOS components in Go from the µONOS Project. A security vulnerability exists in onos-lib-go version 0.10.28, which stems from an asn1/aper GetBitString that can cause an index out-of-bounds panic when...
CVE-2025-30077
CVE-2025-30077 affects Open Networking Foundation’s ONOS ONOS-lib-go (v0.10.28). The vulnerability is an index out-of-range panic in asn1/aper GetBitString caused by a zero value for numBits, which can crash the process (availability impact). An external document notes a PoC exists. The connected...
MAL-2025-2356 Malicious code in adl-commons-lib-node-pp-parameter-store (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c31f2a945e64c66f470f0fd05f5096d25dccd70f1efe9f48eefc252686506e7a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in layouts-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 668d31349d49bb3ffdf31cb641b2829be6ffcae92877d17241a593565a0dddb5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2225 Malicious code in layouts-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 668d31349d49bb3ffdf31cb641b2829be6ffcae92877d17241a593565a0dddb5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Linux Distros Unpatched Vulnerability : CVE-2024-50205
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size The step variable is...
Linux Distros Unpatched Vulnerability : CVE-2022-49248
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction AV/C deferred transaction was supported at a commit 00a7bb81c20f ALSA: firewire-lib: Ad...
json-lib: Mishandling of an unbalanced comment string in json-lib
A flaw was found in JSON-lib's JSONTokener component. This vulnerability allows a denial of service via an unbalanced comment string...
Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.17 Openshift Jenkins security update
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.17. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
json-lib: Mishandling of an unbalanced comment string in json-lib
A flaw was found in JSON-lib's JSONTokener component. This vulnerability allows a denial of service via an unbalanced comment string...
Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 Openshift Jenkins security update
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Malicious code in @ag2rlamondiale/ag2rlm-lib (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-1587 Malicious code in fb-components-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0a156cc9bbfceeb92efaaf503c32f71145adbcafa68aa571a5eb055eea23590 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-49248
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction AV/C deferred transaction was supported at a commit 00a7bb81c20f "ALSA: firewire-lib: Add support for deferred transaction" while 'deferrable' flag can be...
DEBIAN-CVE-2022-49248
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction AV/C deferred transaction was supported at a commit 00a7bb81c20f "ALSA: firewire-lib: Add support for deferred transaction" while 'deferrable' flag can be...
CVE-2022-49248
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction AV/C deferred transaction was supported at a commit 00a7bb81c20f "ALSA: firewire-lib: Add support for deferred transaction" while 'deferrable' flag can be...
CVE-2022-49248
CVE-2022-49248 relates to the Linux kernel ALSA: firewire-lib, where the deferrable AV/C transaction flag could be left uninitialized for non-control/notify AV/C transactions. UBSAN reported an invalid-load in fcp.c when handling AV/C responses, with the status flag being read as a boolean. The i...