27 matches found
CVE-2025-40151
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: No support of struct argument in trampoline programs The current implementation does not support struct argument. This causes an oops when running bpf selftest: $ ./testprogs -a tracingstruct Oops1: CPU -1 Unable t...
CVE-2025-40151 LoongArch: BPF: No support of struct argument in trampoline programs
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: No support of struct argument in trampoline programs The current implementation does not support struct argument. This causes an oops when running bpf selftest: $ ./testprogs -a tracingstruct Oops1: CPU -1 Unable t...
EUVD-2025-40151
Malicious code in cici-ubi83-riris npm...
CVE-2023-40151
creationtimestamp | type | source
---|---|---
2025-10-15 04:50:00+00:00 | seen | https://thehackernews.com/2025/10/two-cvss-100-bugs-in-red-lion-rtus.html
2025-10-16 04:34:03+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3m3bwka3urn26...
MAL-2025-40151 Malicious code in yam-echo-zzfo (npm)
The package yam-echo-zzfo was found to contain malicious code...
Security Bulletin: IBM UrbanCode Build 6.1.7.10 addresses multiple vulnerabilities.
Summary Security Bulletin: IBM UrbanCode Build 6.1.7.10 addresses multiple vulnerabilities, listed in multiple CVEs CVE-2023-34981, CVE-2022-1471, CVE-2022-4065, CVE-2021-23450, CVE-2021-23450, CVE-2022-40151, CVE-2022-41966, CVE-2023-41080, CVE-2022-48285, CBE-2020-11971, CVE-2023-28709,...
Amazon Linux 2 : xstream (ALAS-2024-2464)
The version of xstream installed on the remote host is prior to 1.3.1-16. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2464 advisory. Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user...
CVE-2023-40151 Red Lion Controls Sixnet RTU Exposed Dangerous Method Or Function
When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP t...
Security Bulletin: IBM Storage Protect Client and IBM Storage Protect for Space Management are vulnerable to denial of service due to CVEs in XStream (woodstox) (CVE-2022-40151, CVE-2022-40152)
Summary IBM Storage Protect Client and IBM Storage Protect for Space Management can be affected by security flaws in XStream (woodstox). The flaws can lead to denial of service, as described in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-40152 DESCRIPTION: XStream is...
Security Bulletin: Vulnerabilities in XStream library affects IBM Engineering Test Management (ETM) (CVE-2022-40151)
Summary This Security Vulnerability has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2022-40151 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a...
Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Security Bulletin: Vulnerability in XStream affects IBM Process Mining. CVE-2022-40151
Summary There is a vulnerability in XStream that could allow a remote authenticated attacker to cause a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-40151...
Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to a denial of service attack due to FasterXML Woodstox
Summary FasterXML Woodstox is shipped with IBM Tivoli Business Manager 6.2.0 as part of its XML processor infrastructure. Information about security vulnerabilities affecting FasterXML Woodstox has been published in a security bulletin. Vulnerability Details CVEID:CVE-2022-40151 DESCRIPTION:...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xstream (SUSE-SU-2023:1673-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1673-1 advisory. - Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). I...
SUSE: Security Advisory (SUSE-SU-2023:1673-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
Summary IBM Data Risk Manager (IDRM) 2.0.6.15, which is the only supported version, is impacted by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.16. Please see the remediation steps below to apply the fix. All customers are encouraged to act...
SUSE CVE-2022-40151
Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...
Moderate: Red Hat Security Advisory: Red Hat Integration Camel Extensions For Quarkus 2.13.2
Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,...
FreeBSD : security/keycloak -- Multiple possible DoS attacks (9d9e9439-959e-11ed-b464-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9d9e9439-959e-11ed-b464-b42e991fc52e advisory. - Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS)...
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow
Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream. Patches XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead...