grub2: net: Out-of-bounds write in grub_net_search_config_file()

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

GNU GRUB2 Buffer Overflow Vulnerability (CNVD-2025-08319)

GRUB2 is a multiple bootloader for the GNU Project. GNU GRUB2 suffers from a buffer overflow vulnerability that stems from a failure to properly account for the length of an environment variable when copying user-controlled environment variable data to an internal buffer, resulting in an...

CVE-2025-22870

A flaw was found in proxy host matching. This vulnerability allows improper bypassing of proxy settings via manipulating an IPv6 zone ID, causing unintended matches against the NOPROXY environment variable. Mitigation Mitigation for this issue is either not available or the currently available...

grub2: net: Out-of-bounds write in grub_net_search_config_file()

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

grub2: net: Out-of-bounds write in grub_net_search_config_file()

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

CVE-2025-22870 HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

Arbitrary Command Injection

Overview basicsr is an Open Source Image and Video Super-Resolution Toolbox Affected versions of this package are vulnerable to Arbitrary Command Injection through the execution of scontrol show hostname in an environment where the SLURMNODELIST variable is manipulated. Remediation There is no...

grub2: net: Out-of-bounds write in grub_net_search_config_file()

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

CVE-2024-27763

XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURMNODELIST environment variable...

CVE-2024-27763

XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURMNODELIST environment variable...

CVE-2024-27763

CVE-2024-27763 affects XPixelGroup BasicSR up to version 1.4.2. The issue arises from how a crafted SLURM_NODELIST input is handled when running scontrol show hostname, which can locally allow code execution. The CVSS vector indicates a Local attack with Low privileges required and no user intera...

grub2: net: Out-of-bounds write in grub_net_search_config_file()

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

CVE-2024-12604

Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse.This issue affects Tap&Sign App: before V.1.025...

CVE-2024-12604

Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse. This issue affects Tap&Sign App: before V.1.025...

OESA-2025-1232 grub2 security update

GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Security Fixes: A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the...

Medium: php8.3

Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...

Linux Distros Unpatched Vulnerability : CVE-2024-2700

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build,...

Linux Distros Unpatched Vulnerability : CVE-2022-41946

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setTextint, InputStream or...