Author Archives: Syndicated News

Information published. Continue reading CVE-2021-20233 A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.→

Information published. Continue reading CVE-2021-20225 A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.→

Information published. Continue reading CVE-2026-26960 node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction→

Information published. Continue reading CVE-2026-2739 This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.→

Information published. Continue reading CVE-2026-21620 TFTP Path Traversal→

Information published. Continue reading CVE-2026-27211 Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse→

Information published. Continue reading CVE-2023-53543 vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check→

Information published. Continue reading CVE-2026-27199 Werkzeug safe_join() allows Windows special device names→