CVE-2023-53208 KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state When emulating nested VM-Exit, load L1's TSC multiplier if L1's desired ratio doesn't match the current ratio, not if the ratio L1 is using for L2 diverges from...

CVE-2023-53208 KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state When emulating nested VM-Exit, load L1's TSC multiplier if L1's desired ratio doesn't match the current ratio, not if the ratio L1 is using for L2 diverges from...

CVE-2025-59375

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

CVE-2025-10224

Improper Authentication CWE-287 in the LDAP authentication engine in AxxonSoft Axxon One C-Werk 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login...

com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError

A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur...

CVE-2025-10224

Improper Authentication CWE-287 in the LDAP authentication engine in AxxonSoft Axxon One C-Werk 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login...

CVE-2025-10224

Improper Authentication CWE-287 in the LDAP authentication engine in AxxonSoft Axxon One C-Werk 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login...

CVE-2025-10224

The CVE-2025-10224 entry concerns AxxonSoft Axxon One (C-Werk) prior to or equal to 2.0.2 on Windows, where the LDAP authentication engine improperly evaluates nested LDAP group memberships. This allows a remote authenticated user to be denied access or receive misassigned roles during login. The...

CVE-2025-10224 Incorrect Evaluation of LDAP Nested Groups during Login in AxxonSoft Axxon One (C-Werk)

Improper Authentication CWE-287 in the LDAP authentication engine in AxxonSoft Axxon One C-Werk 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login...

CVE-2025-10224 Incorrect Evaluation of LDAP Nested Groups during Login in AxxonSoft Axxon One (C-Werk)

Improper Authentication CWE-287 in the LDAP authentication engine in AxxonSoft Axxon One C-Werk 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login...

PT-2025-37043

Name of the Vulnerable Software and Affected Versions: AxxonSoft Axxon One versions 2.0.2 and earlier Description: The LDAP authentication engine in AxxonSoft Axxon One has an improper authentication issue. A remote authenticated user may be denied access or misassigned roles due to incorrect...

EulerOS 2.0 SP10 : polkit (EulerOS-SA-2025-2108)

According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This...

EulerOS 2.0 SP10 : polkit (EulerOS-SA-2025-2080)

According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This...

Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2025-2021)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-36331

Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity...

CVE-2024-36331

CVE-2024-36331 is an issue in the Linux kernel affecting SEV-SNP memory integrity when a privileged attacker with hypervisor access can exploit improper CPU cache initialization to overwrite guest memory. Public sources in connected docs (Ubuntu USN advisories USN-7880-1, USN-7879-1, USN-7934-1; ...

CVE-2024-36331

Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity...

CLSA-2025-1757017511 protobuf: Fix of CVE-2024-7254

CVE-2024-7254: prevent stack overflow by limiting recursion depth when parsing nested Protocol Buffers data...

x86/sev: Evict cache lines during SNP memory validation

...

A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.

...