Linux kernel 竞争条件问题漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel 6.1-rc6 and prior versions, which stems from a race condition in its x86 KVM subsystem that allows guest operating system users ...

CVE-2022-45869

A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service host OS crash or host OS memory corruption when nested virtualisation and the TDP MMU are enabled...

CVE-2022-45869

A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service host OS crash or host OS memory corruption when nested virtualisation and the TDP MMU are enabled...

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...

[SECURITY] [DLA 3207-1] jackson-databind security update

Debian LTS Advisory DLA-3207-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 27, 2022 https://wiki.debian.org/LTS Package : jackson-databind Version : 2.9.8-3+deb10u4 CVE ID : CVE-2020-36518 CVE-2022-42003 CVE-2022-42004 Debian Bug : 1007109 Several fla...

qs 安全漏洞

ljharb qs is a query string parser with nesting support by the individual developer Jordan Harband in the United States. A security vulnerability exists in versions prior to qs 6.10.3, which stems from parse ignoring the proto key, and can be exploited by an attacker to place an attack payload in...

CVE-2022-45873

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parseelfobject in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested...

Design/Logic Flaw

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parseelfobject in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested...

CVE-2022-45873

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parseelfobject in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested...

CLSA-2022-1669241224 Fix CVE(s): CVE-2022-42012, CVE-2022-42011, CVE-2022-42010, CVE-2020-35512

SECURITY UPDATE: Use-after-free in access control-related hash tables - debian/patches/CVE-2020-35512.patch: use reference counting for DBusUserInfo and DBusGroupInfo structures. - CVE-2020-35512 SECURITY UPDATE: Crash or incorrect parsing a signature with wrongly nested '' and '' -...

PT-2022-6256 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 6.1-rc6 Description: A race condition in the x86 KVM subsystem allows guest OS users to cause a denial of service, resulting in a host OS crash or host OS memory corruption when nested virtualisation and the TDP...

CVE-2022-45873

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parseelfobject in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested...

Exploit for Uncontrolled Recursion in Owasp Modsecurity

Detection-and-Mitigation-script-for-CVE-2021-42717 Detection a...

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...

golang: encoding/gob: stack exhaustion in Decoder.Decode

A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

kernel: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 Remove WARNs that sanity check that KVM never lets a triple fault for L2 escape and incorrectly end up in L1. In normal operation, the sanity check is...

kernel: net: openvswitch: fix leak of nested actions

A flaw was found in the Open vSwitch module in the Linux kernel. Improper handling of allocated memory can lead to a memory leak, potentially impacting system performance and resulting in a denial of service...

golang: encoding/xml: stack exhaustion in Decoder.Skip

A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

golang: encoding/xml: stack exhaustion in Unmarshal

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...

golang: encoding/gob: stack exhaustion in Decoder.Decode

A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...