Malicious Package

Overview react-devtools-extensions is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview baas-admin-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview stitch-ui-toolbox is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview react-devtools-shared is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview shop-minis-docs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

EUVD-2023-60382

In the Linux kernel, the following vulnerability has been resolved: soundwire: bus: Fix unbalanced pmruntimeput causing usage count underflow This reverts commit 443a98e649b4 "soundwire: bus: use pmruntimeresumeandget" Change calls to pmruntimeresumeandget back to pmruntimegetsync. This fixes a...

EUVD-2023-60447

In the Linux kernel, the following vulnerability has been resolved: exfat: use kvmallocarray/kvfree instead of kmallocarray/kfree The call stack shown below is a scenario in the Linux 4.19 kernel. Allocating memory failed where exfat fs use kmallocarray due to system memory fragmentation, while t...

Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.attrgetter

Summary Picklescan uses operator.attrgetter, which is a built-in python library function to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the operator.attrgetter function in the reduce method. - Then,...

CVE-2023-54259

In the Linux kernel, the following vulnerability has been resolved: soundwire: bus: Fix unbalanced pmruntimeput causing usage count underflow This reverts commit 443a98e649b4 "soundwire: bus: use pmruntimeresumeandget" Change calls to pmruntimeresumeandget back to pmruntimegetsync. This fixes a...

CVE-2023-54259

In the Linux kernel, the following vulnerability has been resolved: soundwire: bus: Fix unbalanced pmruntimeput causing usage count underflow This reverts commit 443a98e649b4 "soundwire: bus: use pmruntimeresumeandget" Change calls to pmruntimeresumeandget back to pmruntimegetsync. This fixes a...

UBUNTU-CVE-2022-50866

In the Linux kernel, the following vulnerability has been resolved: ASoC: pxa: fix null-pointer dereference in filter kasprintf would return NULL pointer when kmalloc fail to allocate. Need to check the return pointer before calling strcmp...

UBUNTU-CVE-2023-54259

In the Linux kernel, the following vulnerability has been resolved: soundwire: bus: Fix unbalanced pmruntimeput causing usage count underflow This reverts commit 443a98e649b4 "soundwire: bus: use pmruntimeresumeandget" Change calls to pmruntimeresumeandget back to pmruntimegetsync. This fixes a...

CVE-2023-54179

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Array index may go out of bound Klocwork reports array 'vha-hoststr' of size 16 may use index values 16..19. Use snprintf instead of sprintf...

CVE-2023-54259 soundwire: bus: Fix unbalanced pm_runtime_put() causing usage count underflow

In the Linux kernel, the following vulnerability has been resolved: soundwire: bus: Fix unbalanced pmruntimeput causing usage count underflow This reverts commit 443a98e649b4 "soundwire: bus: use pmruntimeresumeandget" Change calls to pmruntimeresumeandget back to pmruntimegetsync. This fixes a...

CVE-2023-54259

CVE-2023-54259 (Linux kernel, SoundWire bus) : Affects the soundwire: bus code where an unbalanced pm_runtime_put() could underflow the usage count. The root cause is that -EACCES errors when getting pm_runtime were ignored, and a final put was performed regardless. The fix reverts a previous cha...

CVE-2023-54259

In the Linux kernel, the following vulnerability has been resolved: soundwire: bus: Fix unbalanced pmruntimeput causing usage count underflow This reverts commit 443a98e649b4 "soundwire: bus: use pmruntimeresumeandget" Change calls to pmruntimeresumeandget back to pmruntimegetsync. This fixes a...

CVE-2025-14509

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...

CVE-2022-50867 drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Fix kvzalloc vs statekcalloc usage adrenoshowobject is a trap! It will re-allocate the pointer it is passed on first call, when the data is ascii85 encoded, using kvmalloc/ kvfree. Which means the data passed to it...

CVE-2022-50867 drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Fix kvzalloc vs statekcalloc usage adrenoshowobject is a trap! It will re-allocate the pointer it is passed on first call, when the data is ascii85 encoded, using kvmalloc/ kvfree. Which means the data passed to it...

CVE-2022-50867

CVE-2022-50867 is resolved in the Linux kernel (drm/msm/a6xx). The issue centers on kvzalloc vs state_kcalloc usage in adreno_show_object(), which reallocates the passed pointer on the first call when data is ascii85 encoded, via kvmalloc/kvfree. This caused a memory leak that was previously pres...