20081 matches found
AZL-70580 CVE-2025-61661 affecting package grub2 for versions less than 2.06-26
A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...
CVE-2025-61661
A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...
Missing Release of Memory after Effective Lifetime
Overview: cbor2 is a CBOR deserializer with extensive tag support. Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the decode_definite_long_string function in the source/decoder.c file. An attacker can cause process crashes or exhaust system memory...
CVE-2025-64076
Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string function of the C extension decoder (source/decoder.c): (1) Integer Underflow Leading to Out-of-Bounds Read (CWE-191, CWE-125): An incorrect variable reference and missing state reset in the chunk processing...
AZL-70516 CVE-2025-64076 affecting package python-cbor2 5.6.5-2
Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string function of the C extension decoder (source/decoder.c): (1) Integer Underflow Leading to Out-of-Bounds Read (CWE-191, CWE-125): An incorrect variable reference and missing state reset in the chunk processing...
GNU GRUB security vulnerability
GNU GRUB is a boot loader for Linux systems from the GNU project. A security vulnerability exists in GNU GRUB that stems from improper handling of USB device string conversion, which could result in a denial of service or data corruption...
A Unified Compositional View of Attack Tree Metrics
Attack trees (ATs) are popular graphical models for reasoning about the security of complex systems, allowing for the quantification of risk through so-called AT metrics. A large variety of such AT metrics have been proposed, and despite their widespread practical use, no systematic...
PT-2025-47379
Name of the Vulnerable Software and Affected Versions: GRUB (affected versions not specified). Description: A flaw exists in the GRUB bootloader due to improper handling of string conversion when processing information from a USB device. Specifically, the bootloader is susceptible to inconsistent leng...
EUVD-2025-198054
Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string function of the C extension decoder (source/decoder.c): (1) Integer Underflow Leading to Out-of-Bounds Read (CWE-191, CWE-125): An incorrect variable reference and missing state reset in the chunk processing...
PT-2025-47374
Name of the Vulnerable Software and Affected Versions: cbor2 versions through 5.7.0. Description: The cbor2 software contains issues in the decode_definite_long_string function within the C extension decoder (source/decoder.c). An integer underflow can lead to an out-of-bounds read, and a memory leak...
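The cbor2 entries above (CVE-2025-64076, AZL-70516, EUVD-2025-198054, PT-2025-47374) all describe an integer underflow in chunked string decoding that turns into an out-of-bounds read. The following is an added example of that vulnerability class written for this page; it is not cbor2's source/decoder.c, and CHUNK, decode_vuln, decode_fixed and run_case are hypothetical names. The vulnerable loop subtracts the constant chunk size instead of the bytes it actually consumed, so a final short chunk wraps the unsigned remaining count (CWE-191) and the loop keeps going; explicit bounds tests inside the loop stand in for the out-of-bounds access a real decoder would make (CWE-125).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define CHUNK 16   /* bytes copied per loop iteration (hypothetical) */
#define CAP   64   /* size of the constructed input/output buffers   */

enum { DEC_OK = 0, DEC_TRUNCATED = -1, DEC_OOB = -2 };

/* Minimal in-memory input cursor. */
struct reader { const uint8_t *buf; size_t len; size_t pos; };

static size_t avail(const struct reader *r) { return r->len - r->pos; }

/* Vulnerable accounting: 'remaining' is decremented by the constant CHUNK
   instead of by 'chunk', the bytes actually consumed. When the last chunk is
   short, remaining wraps to a huge value and the loop continues. The checks
   returning DEC_OOB mark where a real decoder would read or write past a
   buffer; they exist only so this model runs safely. */
int decode_vuln(const uint8_t *in, size_t in_len, size_t declared,
                uint8_t *out, size_t out_cap)
{
    struct reader r = { in, in_len, 0 };
    size_t remaining = declared, written = 0;

    while (remaining > 0) {
        size_t chunk = remaining < CHUNK ? remaining : CHUNK;
        if (chunk > avail(&r) || written + chunk > out_cap)
            return DEC_OOB;              /* out-of-bounds access would happen here */
        memcpy(out + written, r.buf + r.pos, chunk);
        r.pos += chunk;
        written += chunk;
        remaining -= CHUNK;              /* BUG: wrong variable, should be 'chunk' */
    }
    return DEC_OK;
}

/* Hardened: validate the declared length against the input and the output
   buffer up front, and subtract exactly what was consumed, so 'remaining'
   can never wrap. */
int decode_fixed(const uint8_t *in, size_t in_len, size_t declared,
                 uint8_t *out, size_t out_cap)
{
    struct reader r = { in, in_len, 0 };
    size_t remaining = declared, written = 0;

    if (declared > avail(&r) || declared > out_cap)
        return DEC_TRUNCATED;            /* header claims more than we have */
    while (remaining > 0) {
        size_t chunk = remaining < CHUNK ? remaining : CHUNK;
        memcpy(out + written, r.buf + r.pos, chunk);
        r.pos += chunk;
        written += chunk;
        remaining -= chunk;
    }
    return DEC_OK;
}

/* Constructed harness: in_len bytes of 'x' as input and a string header that
   claims 'declared' bytes; the output buffer is sized to the claim, as a
   decoder that allocates from the header would. */
int run_case(size_t declared, size_t in_len, int use_fixed)
{
    uint8_t in[CAP], out[CAP];

    if (declared > CAP || in_len > CAP)
        return DEC_TRUNCATED;
    memset(in, 'x', sizeof in);
    return use_fixed ? decode_fixed(in, in_len, declared, out, declared)
                     : decode_vuln(in, in_len, declared, out, declared);
}

int main(void)
{
    printf("vuln  declared=16 input=16: %d\n", run_case(16, 16, 0)); /*  0: latent */
    printf("vuln  declared=20 input=20: %d\n", run_case(20, 20, 0)); /* -2: wraps, reads past input */
    printf("fixed declared=20 input=20: %d\n", run_case(20, 20, 1)); /*  0 */
    printf("fixed declared=20 input=10: %d\n", run_case(20, 10, 1)); /* -1: rejected up front */
    return 0;
}
```

The bug stays latent whenever the declared length is a multiple of CHUNK, which is why a decoder like this can pass its normal tests and still fail on a fuzzed length that is not chunk-aligned.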
curl: Off-by-One Buffer Overflow in SMB Path Handler
Summary: Found an off-by-one buffer overflow in lib/smb.c when handling SMB file paths. The bounds check uses instead of =, allowing a path of exactly 1023 bytes to overflow the 1024-byte buffer by one byte when the null terminator is added. Details: File: lib/smb.c. Function: smb_send_open. Lines: 784...
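An added example of the off-by-one class in the curl report above, written for this page and not taken from curl's lib/smb.c: a fixed 1024-byte path buffer guarded by a length check that forgets the terminating NUL. PATH_BUF, path_msg, copy_path_vuln, copy_path_fixed and probe are hypothetical names, and the boundary value follows this model's layout (the report's own 1023/1024 figures depend on curl's struct), so what it shows is the comparison that is wrong, not curl's exact line. A guard byte directly after the buffer, inside the same backing array, makes the one-byte overwrite observable without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 1024   /* hypothetical fixed path buffer size */
#define CANARY   0xA5   /* guard value written right after the buffer */

/* The path buffer and one guard byte share a single backing array, so the
   off-by-one write lands on the guard instead of in unrelated memory. */
struct path_msg {
    unsigned char backing[PATH_BUF + 1];   /* [0..1023] path, [1024] guard */
};

static void msg_init(struct path_msg *m)
{
    memset(m->backing, 0, sizeof m->backing);
    m->backing[PATH_BUF] = CANARY;
}

/* Vulnerable check: rejects only paths longer than the buffer, so a path of
   exactly PATH_BUF bytes passes and its NUL is written at index PATH_BUF. */
static int copy_path_vuln(struct path_msg *m, const char *path)
{
    size_t len = strlen(path);
    if (len > PATH_BUF)
        return -1;
    memcpy(m->backing, path, len + 1);     /* +1 copies the terminator */
    return 0;
}

/* Hardened check: budget for the terminator by rejecting len >= PATH_BUF. */
static int copy_path_fixed(struct path_msg *m, const char *path)
{
    size_t len = strlen(path);
    if (len >= PATH_BUF)
        return -1;
    memcpy(m->backing, path, len + 1);
    return 0;
}

/* Run one variant with a constructed path of n 'A' bytes.
   Returns -1 if the path was rejected, 1 if it was accepted and the guard
   byte is intact, 0 if it was accepted and the guard byte was overwritten
   (the overflow). */
int probe(int use_fixed, size_t n)
{
    static char path[PATH_BUF + 2];
    struct path_msg m;
    int rc;

    if (n > PATH_BUF + 1)
        return -1;
    memset(path, 'A', n);
    path[n] = '\0';
    msg_init(&m);
    rc = use_fixed ? copy_path_fixed(&m, path) : copy_path_vuln(&m, path);
    if (rc != 0)
        return -1;
    return m.backing[PATH_BUF] == CANARY ? 1 : 0;
}

int main(void)
{
    printf("vuln  len=1023: %d\n", probe(0, 1023));   /*  1: fits, guard intact */
    printf("vuln  len=1024: %d\n", probe(0, 1024));   /*  0: NUL clobbers the guard */
    printf("fixed len=1024: %d\n", probe(1, 1024));   /* -1: rejected */
    return 0;
}
```

The general rule the example encodes: a length check for a buffer that must hold a C string has to compare against the buffer size minus one, because strlen() never counts the byte the copy will still write.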
OESA-2025-2686 python-ldap security update
python-ldap: python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. Mainly it wraps the OpenLDAP 2.x libs for that purpose. Additionally the package contains modules for other LDAP-related stuff e.g. processing LDIF, LDAPURLs, LDAPv3 schema, LDAPv3...
Cross-site Scripting (XSS)
Overview: vega is a library that implements the Vega visualization grammar. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the toString function in environments where the VEGA_DEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...
EUVD-2025-179348
Malicious code in delta-string-enum-thread-uglify npm...
Malicious code in tachyon-string-version-sequelize (npm)
Source: amazon-inspector a0fdfc74478a9afbba79d8616c10a0a83eb890f0f6898259eec91b20c796be2c. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178290
Malicious code in java-short-string-java-yaml npm...
EUVD-2025-179137
Malicious code in encrypt-meta-authenticate-log-string npm...
EUVD-2025-177954
Malicious code in markdown-nconf-string-xerxes npm...