
3194 matches found

CVE
added 2025/11/18 6:20 p.m., 32 views

CVE-2025-61661

CVE-2025-61661 affects the GRUB2 bootloader. The vulnerability stems from the USB string conversion handling, allowing a local attacker with a malicious USB device connected during boot to trigger inconsistent length values, potentially crashing GRUB (DoS) and possibly causing data corruption (im...

CVSS 4.8, AI score 6, EPSS 0.00027
Exploits 0, References 3

RedhatCVE
added 2025/11/18 6:20 p.m., 3 views

CVE-2025-61661

A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...

CVSS 4.8, AI score 6.2, EPSS 0.00027
Exploits 0, References 3

Microsoft CVE
added 2025/11/15 1:1 a.m., 2 views

PyTorch torch.nn.utils.rnn.pad_packed_sequence memory corruption

...

CVSS 5.3, AI score 7, EPSS 0.00124
Exploits 0

SUSE Linux
added 2025/11/14 9:57 a.m., 10 views

Security update for tomcat10

This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.48 CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753 CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability bsc1252905...

CVSS 7.7, AI score 6.8, EPSS 0.00274
Exploits 4, References 12

SUSE Linux
added 2025/11/12 3:2 p.m., 10 views

Security update for tomcat11

This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.13 CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753 CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability bsc1252905...

CVSS 7.7, AI score 9.2, EPSS 0.00274
Exploits 4, References 12

RedHat Linux
added 2025/11/12 1:52 p.m., 3 views

kernel: crypto: seqiv - Handle EBUSY correctly

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly. As it is, seqiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify...

CVSS 7.8, AI score 6.8, EPSS 0.00022
Exploits 0, References 5

RedHat Linux
added 2025/11/12 11:50 a.m., 1 views

kernel: crypto: seqiv - Handle EBUSY correctly

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly. As it is, seqiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify...

CVSS 7.8, AI score 6.8, EPSS 0.00022
Exploits 0, References 5

Microsoft CVE
added 2025/11/12 1:1 a.m., 5 views

octeontx2-pf: Fix SQE threshold checking

...

CVSS 5.5, AI score 7.6, EPSS 0.00074
Exploits 0

RedHat Linux
added 2025/11/12 12:40 a.m., 2 views

kernel: crypto: seqiv - Handle EBUSY correctly

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly. As it is, seqiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify...

CVSS 7.8, AI score 6.8, EPSS 0.00022
Exploits 0, References 5

Tenable Nessus
added 2025/11/12 12:0 a.m., 1 views

RHEL 7 : kernel (RHSA-2025:21063)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21063 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: HID: core: fix...

CVSS 7.8, AI score 7.1, EPSS 0.00082
Exploits 0, References 14

OSSF Malicious Packages
added 2025/11/11 8:46 p.m., 2 views

Malicious code in maman-lutis67-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 965b69f16e0b9210848b9cca55f575362412c76e1c2a3c45a68f419c4ee212c2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0

RedHat Linux
added 2025/11/11 8:21 a.m., 2 views

kernel: rseq: Fix segfault on registration when rseq_cs is non-zero

In the Linux kernel, the following vulnerability has been resolved: rseq: Fix segfault on registration when rseq_cs is non-zero. The rseq_cs field is documented as being set to 0 by user-space prior to registration, however this is not currently enforced by the kernel. This can result in a segfault ...

CVSS 5.5, AI score 5.7, EPSS 0.00129
Exploits 0, References 5

EUVD
added 2025/11/11 12:30 a.m., 2 views

EUVD-2025-50829

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion...

AI score 6.5, EPSS 0.00153
Exploits 1, References 5

NVD
added 2025/11/10 10:15 p.m., 2 views

CVE-2025-63397

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion...

CVSS 6.5, EPSS 0.00153
Exploits 1, References 4

OSV
added 2025/11/10 10:15 p.m., 1 views

CVE-2025-63397

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion...

CVSS 6.5, AI score 6.7
Exploits 0, References 4

Snyk
added 2025/11/10 9:41 p.m., 4 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the flow.eyen function. An attacker can trigger a segmentation fault by adding a Python sequence to the native code. PoC python import oneflow as flow diag = 1.0, 2.0, 3.0 tensor = flow.eye3 + diag...

CVSS 6.9, AI score 6.7, EPSS 0.00153
Exploits 1, References 2

Cvelist
added 2025/11/10 12:0 a.m., 5 views

CVE-2025-63397

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion...

EPSS 0.00153
Exploits 1, References 4

Positive Technologies
added 2025/11/10 12:0 a.m., 3 views

PT-2025-46198

Name of the Vulnerable Software and Affected Versions OneFlow version 0.9.0 Description A flaw exists in input validation within OneFlow version 0.9.0. This issue allows attackers to trigger a segmentation fault by adding a Python sequence to native code during broadcasting or type conversion. Th...

CVSS 6.5, AI score 6.5, EPSS 0.00153
Exploits 1, References 7

CVE
added 2025/11/10 12:0 a.m., 5 views

CVE-2025-63397

OneFlow v0.9.0 is affected by an improper input validation vulnerability that can cause a segmentation fault when a Python sequence is added to native code during broadcasting/type conversion. Root cause is insufficient checks on user-supplied input. Reported across multiple sources (nvd, Red Hat...

CVSS 6.5, AI score 6.6, EPSS 0.00153
Exploits 1, References 4, Affected Software 1

Vulnrichment
added 2025/11/10 12:0 a.m., 2 views

CVE-2025-63397

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion...

AI score 6.5, EPSS 0.00153
Exploits 1, References 4