jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

FasterXML jackson-core 安全漏洞

FasterXML jackson-core is a FasterXML open source API software. A security vulnerability exists in FasterXML jackson-core versions prior to 2.15.0, which stems from a potential stack overflow when processing deeply nested data...

SUSE CVE-2022-49936

In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking detected 5.18.0 3 Not...

SUSE CVE-2022-50224

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT Treat the NX bit as valid when using NPT, as KVM will set the NX bit when the NX huge page mitigation is enabled mindblowing and trigger the WARN that fires on reserved SPTE bits...

DEBIAN-CVE-2022-50224

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT Treat the NX bit as valid when using NPT, as KVM will set the NX bit when the NX huge page mitigation is enabled mindblowing and trigger the WARN that fires on reserved SPTE bits...

DEBIAN-CVE-2022-49936

In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking detected 5.18.0 3 Not...

UBUNTU-CVE-2022-49936

In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking detected 5.18.0 3 Not...

UBUNTU-CVE-2022-50224

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT Treat the NX bit as valid when using NPT, as KVM will set the NX bit when the NX huge page mitigation is enabled mindblowing and trigger the WARN that fires on reserved SPTE bits...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the USB kernel not preventing nested device reset calls, which could lead to a recursive locking violation...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the KVM x86 mmu not treating NX as an NPT valid bit, which could result in a reserved bit set warning...

A Nested Watermark for Large Language Models

The rapid advancement of large language models LLMs has raised concerns regarding their potential misuse, particularly in generating fake news and misinformation. To address these risks, watermarking techniques for autoregressive language models have emerged as a promising means for detecting...

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

Astra Linux – Vulnerability in libxslt

In numbers.c in libxslt before version 1.1.43, there is a use-after-free issue. This occurs because, in nested XPath evaluations, an XPath context node can be modified but cannot be restored. This issue is related to the functions xsltNumberFormatGetValue, xsltEvalXPathPredicate,...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: PCI: pciehp: Avoid unnecessary device replacement check Hot-removal of nested PCI hotplug ports suffers from a long-standing race condition which can lead to a deadlock: A parent hotplug port acquires pcilockrescanremove, then...

Astra Linux – Vulnerability in protobuf

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups/series of SGROUP tags can be corrupted due to exceeding the stack limit, i.e., StackOverflow. Parsing nested groups as unknown fields using the DiscardUnknownFieldsParser or the Java Protobuf...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Misc: Microchip: PCI1xxxx – Resolve kernel panic during GPIO IRQ handling This issue resolves the kernel panic caused by improper handling of IRQs when accessing GPIO values. This is achieved by replacing the generichandleirq...

Astra Linux – Vulnerability in Thunderbird

Thunderbird’s handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By creating a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...

Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2025-1621)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP12 : libxslt (EulerOS-SA-2025-1600)

According to the versions of the libxslt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never...