CVE-2025-9624

OpenSearch CVE-2025-9624: A DoS vulnerability via complex query_string inputs affects OpenSearch 3.0.0–3.2.x and OpenSearch

java-25-openjdk security update

An update is available for java-25-openjdk. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime...

RLSA-2025:21485 Moderate: java-25-openjdk security update

The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime Environment and the OpenJDK 25 Java Software Development Kit. Security Fixes: JDK: Enhance Path Factories CVE-2025-53066 JDK: Enhance Certificate Handling CVE-2025-53057 JDK: Enhance String Handling CVE-2025-61748 For more details about...

RockyLinux 10 : java-25-openjdk (RLSA-2025:21485)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:21485 advisory. JDK: Enhance Path Factories CVE-2025-53066 JDK: Enhance Certificate Handling CVE-2025-53057 JDK: Enhance String Handling CVE-2025-61748 Tenable has...

OpenSearch 安全漏洞

OpenSearch is a distributed search and analysis software from OpenSearch open source. A security vulnerability exists in OpenSearch versions prior to 3.2.0 that stems from improper handling of complex querystring inputs, which could lead to a denial of service attack...

CLSA-2025-1763989962 Fix of 8 CVEs

CVE-url: https://ubuntu.com/security/CVE-2025-38352 - posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel CVE-url: https://ubuntu.com/security/CVE-2022-25265 - x86/elf: Add table to document READIMPLIESEXEC - x86/elf: Split READIMPLIESEXEC from executable PTGNUSTACK -...

USN-7885-1: OpenJDK 21 vulnerabilities

Jinfeng Guo discovered that the Security component of OpenJDK 21 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JAX...

PT-2025-48138

Name of the Vulnerable Software and Affected Versions glib affected versions not specified Description A heap-based buffer overflow issue exists in glib due to an incorrect buffer size calculation within the g escape uri string function. When processing a string containing a substantial number of...

CVE-2025-52666

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...

SUSE CVE-2022-24785

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...

SUSE CVE-2025-64076

Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decodedefinitelongstring function of the C extension decoder source/decoder.c: 1 Integer Underflow Leading to Out-of-Bounds Read CWE-191, CWE-125: An incorrect variable reference and missing state reset in the chunk processing...

EUVD-2025-198081

A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...

DEBIAN-CVE-2025-61661

A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...

AZL-70580 CVE-2025-61661 affecting package grub2 for versions less than 2.06-26

A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...

CVE-2025-61661

A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...

Missing Release of Memory after Effective Lifetime

Overview cbor2 is a CBOR deserializer with extensive tag support Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the decodedefinitelongstring function in source/decoder.c file An attacker can cause process crashes or exhaust system memory...

CVE-2025-61661

A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...

CVE-2025-64076

Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decodedefinitelongstring function of the C extension decoder source/decoder.c: 1 Integer Underflow Leading to Out-of-Bounds Read CWE-191, CWE-125: An incorrect variable reference and missing state reset in the chunk processing...

AZL-70516 CVE-2025-64076 affecting package python-cbor2 5.6.5-2

Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decodedefinitelongstring function of the C extension decoder source/decoder.c: 1 Integer Underflow Leading to Out-of-Bounds Read CWE-191, CWE-125: An incorrect variable reference and missing state reset in the chunk processing...

GNU GRUB 安全漏洞

GNU GRUB is a Linux system boot program from the GNU community. A security vulnerability exists in GNU GRUB that stems from improper handling of USB device string conversion, which could result in a denial of service or data corruption...