The vulnerability of the systemd-tmpfiles file of the Systemd initialization and service management subsystem allows a attacker to cause a service failure.

The vulnerability of the systemd-tmpfiles subsystem, which is part of the Systemd service initialization and management mechanism, stems from recursion. This occurs when too many nested directories are created in /tmp. Exploiting this vulnerability could allow an attacker to cause a service failu...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from nested mirror calls...

Elasticsearch Uncontrolled Resource Consumption vulnerability

A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash...

GHSA-W5GG-2Q56-6H4F Elasticsearch Uncontrolled Resource Consumption vulnerability

A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash...

CVE-2024-23450

A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash...

UBUNTU-CVE-2024-23450

A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash...

CVE-2024-23450 Elasticsearch Uncontrolled Resource Consumption vulnerability

A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash...

GHSA-F5X3-32G6-XQ36 Denial of service while parsing a tar file due to lack of folders count validation

Description: During some analysis today on npm's node-tar package I came across the folder creation process, Basicly if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-thi...

kernel: KVM: nVMX: missing consistency checks for CR0 and CR4

A flaw was found in the KVM's Intel nested virtualization feature nVMX. The effective values of the guest CR0 and CR4 registers could differ from those included in the VMCS12. In rare circumstances i.e., kvmintel module loaded with parameters nested=1 and ept=0 this could allow a malicious guest ...

kernel: KVM: x86/mmu: race condition in direct_page_fault()

A flaw was found in the Linux kernel in the KVM. A race condition in directpagefault allows guest OS users to cause a denial of service host OS crash or host OS memory corruption when nested virtualization and the TDP MMU are enabled...

USN-6699-1: Linux kernel vulnerabilities

Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service guest crash. CVE-2023-30456 It was discovered that the...

[SECURITY] Fedora 40 Update: picocli-4.7.4-5.fc40

Picocli is a modern library and framework, written in Java, that contains both an annotations API and a programmatic API. It features usage help with ANSI colors and styles, TAB auto-completion and nested sub-commands. In a single file, so you can include it in source form. This lets users run...

kernel: KVM: x86/mmu: race condition in direct_page_fault()

A flaw was found in the Linux kernel in the KVM. A race condition in directpagefault allows guest OS users to cause a denial of service host OS crash or host OS memory corruption when nested virtualization and the TDP MMU are enabled...

BIT-VAULT-2020-10661

HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4...

BIT-GITLAB-2023-2825

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups...

BIT-MYSQL-CLIENT-2021-46662

MariaDB through 10.5.9 allows a setvar.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery...

BIT-MARIADB-2021-46662

MariaDB through 10.5.9 allows a setvar.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery...

BIT-GOLANG-2022-1962 Stack exhaustion due to deeply nested types in go/parser

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations...

BIT-GOLANG-2022-24921

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression...

BIT-GOLANG-2022-28131 Stack exhaustion from deeply nested XML documents in encoding/xml

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document...