5228 matches found

Tenable Nessus
added 2025/10/24 12:0 a.m. | 3 views

EulerOS 2.0 SP13 : protobuf (EulerOS-SA-2025-2307)

According to the versions of the protobuf packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups,...

CVSS 8.2 | AI score 6.9 | EPSS 0.00016
Exploits 0 | References 2

Tenable Nessus
added 2025/10/24 12:0 a.m. | 2 views

EulerOS 2.0 SP13 : protobuf (EulerOS-SA-2025-2275)

According to the versions of the protobuf packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups,...

CVSS 8.2 | AI score 6.9 | EPSS 0.00016
Exploits 0 | References 2

IBM Security Bulletins
added 2025/10/23 8:31 p.m. | 3 views

Security Bulletin: vulnerability in IBM Spectrum Symphony with Nimbus JOSE + JWT

Summary vulnerability in IBM Spectrum Symphony with Nimbus JOSE + JWT Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in...

CVSS 5.8 | AI score 6.6 | EPSS 0.00143
Exploits 0 | Affected Software 1

Tenable Nessus
added 2025/10/23 12:0 a.m. | 1 view

SUSE SLED15 / SLES15 Security Update : protobuf (SUSE-SU-2025:3722-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3722-1 advisory. - CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or...

CVSS 8.2 | AI score 6.9 | EPSS 0.00016
Exploits 0 | References 4

ICS
added 2025/10/22 6:45 p.m. | 3 views

IBM DOORS Next Generation multiple vulnerabilities

RISK EVALUATION IBM Engineering Requirements Management DOORS contains multiple vulnerabilities that require authentication. These vulnerabilities include the ability to cause an application denial of service and JavaScript execution in the victim's browser through stored cross site scripting...

AI score 6.5
Exploits 0 | References 1

SUSE CVE
added 2025/10/21 11:32 p.m. | 1 view

SUSE CVE-2025-11896

In Xpdf 4.05 and earlier, a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow...

CVSS 3.3 | AI score 7 | EPSS 0.00009
Exploits 0 | References 9

IBM Security Bulletins
added 2025/10/21 8:1 p.m. | 2 views

Security Bulletin: Security Vulnerabilities in Java libraries affect IBM Voice Gateway

Summary Multiple vulnerabilities were addressed in IBM Voice Gateway Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In...

CVSS 7.5 | AI score 6.5 | EPSS 0.00099
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/10/21 5:59 p.m. | 3 views

Security Bulletin: Vulnerability in Apache Commons Lang (CVE-2025-48924) affects IBM PowerVM Novalink.

Summary Apache Commons Lang is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE CVE-2025-48924. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting...

CVSS 5.3 | AI score 8.7 | EPSS 0.00099
Exploits 0 | Affected Software 1

RedhatCVE
added 2025/10/20 8:1 p.m. | 3 views

CVE-2025-11896

A flaw was found in Xpdf. A PDF object loop in a CMap, via the "UseCMap" entry leads to an infinite recursion and a stack overflow, resulting in an application crash...

CVSS 2.1 | AI score 6.5 | EPSS 0.00009
Exploits 0 | References 2

RedHat Linux
added 2025/10/20 10:1 a.m. | 0 views

kernel: eventpoll: Fix semi-unbounded recursion

In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links. Currently, ep_loop_check_proc ensures that the graph is loop-free and does some recursion depth checks, but...

CVSS 5.5 | AI score 5.7 | EPSS 0.00034
Exploits 0 | References 5

Tenable Nessus
added 2025/10/20 12:0 a.m. | 11 views

RHEL 10 : kernel (RHSA-2025:18318)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:18318 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: KVM: x86/hyper-v: Skip...

CVSS 7.8 | AI score 7.1 | EPSS 0.00081
Exploits 0 | References 15

Tenable Nessus
added 2025/10/20 12:0 a.m. | 4 views

Oracle Linux 10 : kernel (ELSA-2025-18318)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-18318 advisory. - scsi: lpfc: Fix buffer free/clear order in deferred receive path CKI Backport Bot RHEL-119125 CVE-2025-39841 - efivarfs: Fix slab-out-of-bounds in...

CVSS 7.8 | AI score 7.2 | EPSS 0.00081
Exploits 0 | References 7

CVE
added 2025/10/20 12:0 a.m. | 8 views

CVE-2025-61301

CVE-2025-61301 affects CAPEv2; the denial-of-analysis occurs in reporting/mongodb.py and reporting/jsondump.py (commit 52e4b43, 2025-05-17). Deeply nested or oversized behavior data can cause MongoDB BSON limits or orjson recursion errors when a sample runs in the sandbox, leading to incomplete o...

CVSS 7.5 | AI score 6.4 | EPSS 0.00055
Exploits 1 | References 3

CNNVD
added 2025/10/20 12:0 a.m. | 8 views

CAPE security vulnerability

CAPE is a malware sandbox by the individual developer Kevin OReilly. CAPE has a security vulnerability that stems from an analysis denial vulnerability in reporting/mongodb.py and reporting/jsondump.py, which allows an attacker to submit samples to generate deeply nested or oversized behavioral...

CVSS 7.5 | AI score 6.8 | EPSS 0.00055
Exploits 1 | References 4

Cvelist
added 2025/10/20 12:0 a.m. | 8 views

CVE-2025-61301

Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 commit 52e4b43, on 2025-05-17 allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits o...

EPSS 0.00055
Exploits 1 | References 3

OSV
added 2025/10/18 8:6 a.m. | 2 views

RLSA-2025:17760 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: HID: core: Harden s32ton against conversion to 0 bits CVE-2025-38556 kernel: eventpoll: Fix semi-unbounded recursion CVE-2025-38614 kernel: ALSA: usb-audio: Validate UAC3 cluster segment...

CVSS 7.1 | AI score 6.5 | EPSS 0.00034
Exploits 0 | References 5

Rockylinux
added 2025/10/18 8:6 a.m. | 9 views

kernel security update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux operating...

CVSS 7.8 | AI score 6.5 | EPSS 0.00034
Exploits 0

OSV
added 2025/10/17 5:40 p.m. | 1 view

JLSEC-2025-91 Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a lo...

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...

CVSS 6.2 | AI score 6.9 | EPSS 0.00012
Exploits 0 | References 1

OSV
added 2025/10/17 2:56 p.m. | 2 views

OESA-2025-2480 poppler security update

Poppler is a PDF rendering library. Security Fixes: Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in...

CVSS 8.6 | AI score 6.7 | EPSS 0.00028
Exploits 0 | References 3

IBM Security Bulletins
added 2025/10/17 2:8 p.m. | 3 views

Security Bulletin: IBM Application Modernization Accelerator Developer Tools is affected by an Uncontrolled Recursion vulnerability due to Apache Commons Lang (CVE-2025-48924)

Summary There is a vulnerability in Apache Commons Lang used by IBM Application Modernization Accelerator Developer Tools. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

CVSS 5.3 | AI score 6.6 | EPSS 0.00099
Exploits 0 | Affected Software 1