3993 matches found

OSV
added 2025/05/01 1:15 p.m., 0 views

UBUNTU-CVE-2025-23141

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses. Acquire a lock on kvm->srcu when userspace is getting MP state to handle a rather extreme edge case where "accepting" APIC events, i.e. processing pending IN...

CVSS 5.5, AI score 6.1, EPSS 0.00006
Exploits 0, References 28

Vulnrichment
added 2025/05/01 1:7 p.m., 2 views

CVE-2025-37789 net: openvswitch: fix nested key length validation in the set() action

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action. It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first...

AI score 6.1, EPSS 0.00031
Exploits 0, References 8

Cvelist
added 2025/05/01 1:7 p.m., 10 views

CVE-2025-37789 net: openvswitch: fix nested key length validation in the set() action

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action. It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first...

EPSS 0.00031
Exploits 0, References 8

Debian CVE
added 2025/05/01 1:7 p.m., 7 views

CVE-2025-37789

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action. It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first...

CVSS 7.8, AI score 5.6, EPSS 0.00031
Exploits 0

CNNVD
added 2025/05/01 12:0 a.m., 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper validation of nested key lengths in openvswitch...

CVSS 7.8, AI score 6.5, EPSS 0.00031
Exploits 0, References 8

Packet Storm News
added 2025/05/01 12:0 a.m., 2 views

Confidential Serverless Computing

Although serverless computing offers compelling cost and deployment simplicity advantages, a significant challenge remains in securely managing sensitive data as it flows through the network of ephemeral function executions in serverless computing environments within untrusted clouds. While...

AI score 7.3
Exploits 0

RedHat Linux
added 2025/04/28 12:20 a.m., 3 views

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections...

CVSS 7.5, AI score 6.8, EPSS 0.0292
Exploits 2, References 5

Snyk
added 2025/04/27 8:39 p.m., 3 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the search function. An attacker can occupy excessive system resources by passing a malicious string with nested groups as the query parameter. PoC: https://xxxx.sso.com/search?query=.11...

CVSS 5.1, AI score 6.8, EPSS 0.00127
Exploits 0, References 2

RedHat Linux
added 2025/04/23 10:23 a.m., 5 views

libxslt: Use-After-Free in libxslt numbers.c

A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored...

CVSS 7.8, AI score 7.5, EPSS 0.00087
Exploits 1, References 5

Veracode
added 2025/04/17 7:46 a.m., 108 views

Denial Of Service (DoS)

Elasticsearch is vulnerable to Denial Of Service (DoS). The vulnerability is due to unbounded recursion due to improper handling of deeply nested GeometryCollection objects in Well-Known Text (WKT) format, which allows attackers to craft specially formatted input that triggers a stack overflow and...

CVSS 7.5, AI score 7, EPSS 0.00092
Exploits 0, References 6, Affected Software 1

OSV
added 2025/04/17 1:15 a.m., 3 views

CVE-2025-43708

VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference='../../../set/set2' is used, aka an "insecure deserialization" issue...

CVSS 7.5, AI score 6.9
Exploits 0, References 3

CNNVD
added 2025/04/17 12:0 a.m., 2 views

VisiCut security vulnerability

VisiCut is a tool from the personal developer Thomas Oster. A security vulnerability exists in VisiCut version 2.1, which stems from the fact that XML documents with nested set elements can lead to stack consumption, such as unsafe deserialization issues...

CVSS 7.5, AI score 6.6, EPSS 0.00434
Exploits 1, References 3

Amazon
added 2025/04/16 12:0 a.m., 2 views

Important: libxslt

Issue Overview: xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. (CVE-2024-55549) numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored...

CVSS 7.8, AI score 7, EPSS 0.00104
Exploits 4

Positive Technologies
added 2025/04/14 12:0 a.m., 2 views

PT-2025-18469

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, specifically in the openvswitch component. The issue concerns the validation of nested key length in the set action, where it is no...

CVSS 7.8, AI score 6.7, EPSS 0.00031
Exploits 0

SUSE CVE
added 2025/04/11 9:21 a.m., 1 view

SUSE CVE-2025-32387

Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3...

CVSS 6.5, AI score 7, EPSS 0.00012
Exploits 0, References 6

OSV
added 2025/04/10 9:7 p.m., 2 views

GHSA-M7RC-8W7M-R9QR SurrealDB vulnerable to memory exhaustion via nested functions and scripts

In order to prevent DoS situations due to infinite recursions, SurrealDB implements a limit of nested calls for both native functions and embedded JavaScript functions. However, in SurrealDB instances with embedded scripting functions enabled, it was found that this limit can be circumvented by...

CVSS 6, AI score 6.5
Exploits 0, References 2

Github Security Blog
added 2025/04/10 9:7 p.m., 12 views

SurrealDB vulnerable to memory exhaustion via nested functions and scripts

In order to prevent DoS situations due to infinite recursions, SurrealDB implements a limit of nested calls for both native functions and embedded JavaScript functions. However, in SurrealDB instances with embedded scripting functions enabled, it was found that this limit can be circumvented by...

AI score 6.5
Exploits 0, References 2, Affected Software 1

RedhatCVE
added 2025/04/10 7:35 p.m., 18 views

CVE-2024-52981

An issue was discovered in Elasticsearch, where a large recursion using the Well-Known Text formatted string with nested GeometryCollection objects could cause a stack overflow...

CVSS 7.5, AI score 6.8, EPSS 0.00092
Exploits 0, References 1

Github Security Blog
added 2025/04/10 1:48 p.m., 15 views

Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow

A Helm contributor discovered that a specially crafted JSON Schema within a chart can lead to a stack overflow. Impact: A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack...

CVSS 6.5, AI score 6.8, EPSS 0.00012
Exploits 0, References 4, Affected Software 1

RedhatCVE
added 2025/04/10 6:13 a.m., 7 views

CVE-2025-32387

Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3. Mitigation T...

CVSS 6.5, AI score 6.3, EPSS 0.00012
Exploits 0, References 5