Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990564)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990564 advisory. In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions While parsing user-provided actions, openvswitch...
PT-2025-45339
Name of the Vulnerable Software and Affected Versions Devolutions Server versions 2025.2.15.0 through 2025.3.5.0 Description A flaw in access control allows a View-only user to access sensitive, deeply nested data, specifically custom values within password lists, potentially leading to password...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988997)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988997 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: nVMX: Always make an attempt to map eVMCS after migration When enlightened VMCS is in use an...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989806)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989806 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Forcibly leave nested virt when SMM state is toggled Forcibly leave nested virtualizati...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989144)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989144 advisory. In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions While parsing user-provided actions, openvswitch...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990119)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990119 advisory. In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions While parsing user-provided actions, openvswitch...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988815)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988815 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the string machinery...
Astra Linux - vulnerability in linux-6.12
In the Linux kernel, the following vulnerability has been resolved: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y syzbot reported a WARNING in est_timer() [1] Problem here is that with CONFIG_PREEMPT_RT=y, timer callbacks can be preempted. Adopt preempt_disable_nested()/preempt_enable_nested() to fi...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: poppler (UTSA-2025-988623)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988623 advisory. Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTS_PDFEVersion of a PDF...
New TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves
A group of academic researchers from Georgia Tech, Purdue University, and Synkhronix have developed a side-channel attack called TEE.Fail that allows for the extraction of secrets from the trusted execution environment (TEE) in a computer's main processor, including Intel's Software Guard eXtension...
CVE-2025-0033
Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity...
Security Bulletin: vulnerability in IBM Spectrum Symphony with Elasticsearch
Summary: vulnerability in IBM Spectrum Symphony with Elasticsearch Vulnerability Details CVEID: CVE-2024-23450 DESCRIPTION: A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash. CWE:CWE-400:...
EUVD-2023-60018
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix error code of return in mt7921_acpi_read Kernel NULL pointer dereference when ACPI SAR table isn't implemented well. Fix the error code of return to mark the ACPI SAR table as invalid. [ 5.077128] mt7921e...
CVE-2025-61301
Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 commit 52e4b43, on 2025-05-17 allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits o...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987615)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987615 advisory. In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions While parsing user-provided actions, openvswitch...
EUVD-2025-35111
Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 commit 52e4b43, on 2025-05-17 allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits o...
CVE-2025-61301
CVE-2025-61301 affects CAPEv2; the denial-of-analysis occurs in reporting/mongodb.py and reporting/jsondump.py (commit 52e4b43, 2025-05-17). Deeply nested or oversized behavior data can cause MongoDB BSON limits or orjson recursion errors when a sample runs in the sandbox, leading to incomplete o...
Physical Address Bit Leakage on AMD SEV-SNP Systems
Revisions
Revision Date | Description
---|---
2025-10-20 | Initial publication...