CVE-2022-49086

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions While parsing user-provided actions, openvswitch module may dynamically allocate memory and store pointers in the internal copy of the actions. So this memory has to be freed while...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from the openvswitch module not freeing memory when handling nested actions, potentially leading to a memory leak...

jackson-databind: use of deeply nested arrays

A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...

jackson-databind: use of deeply nested arrays

A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...

Release Information for Proxmox Virtual Environment Plug-In v12.1.3.217

Update: 2025-03-19 Consider the following regarding the Proxmox Virtual Environment Plug-In: The Plug-in build on this page, 12.1.3.217, is included automatically when upgrading to or installing Veeam Backup & Replication 12.3.1. The Plug-in only needs to be manually deployed by customers still...

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.12 (RHSA-2025:1747)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1747 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

OESA-2025-1144 protobuf security update

Protocol Buffers a.k.a., protobuf are Google's language-neutral, platform-neutral, extensible mechanism for serializing structured data. You can find protobuf's documentation on the Google Developers site. Security Fixes: Any project that parses untrusted Protocol Buffers data containing an...

DEBIAN-CVE-2024-57257

A stack consumption issue in sqfssize in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting...

SUSE CVE-2024-7254

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or...

sqlparse: parsing heavily nested list leads to denial of service

A flaw was found in sqlparse. This issue occurs in a heavily nested list in sqlparse.parse, where a recursion error may be triggered, which can lead to a denial of service...

PT-2025-10071

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bug in the Linux kernel's KVM Kernel-based Virtual Machine implementation allows the guest's DR6 value to be clobbered when the guest modifies DR6 and then a fastpath VM-Exit occurs...

CVE-2023-20582

Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry PTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity...

CVE-2023-20582

Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry PTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR34:0 when loading PDPTEs from memory Ignore nCR34:0 when loading PDPTEs from memory for nested SVMs. When PAE paging is used, the bits 4:0 of the CR3 register are ignored, and thus VMRUN does not enforce a...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLAVFVLANLIST attribute validation. Each attribute within a nested IFLAVFVLANLIST is assumed to be a struct iflavfvlaninfo. Therefore, the size of such an attribute must be at least sizeofstruct...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: KVM: x86: Acquiring kvm-srcu when handling KVMSETVCPUEVENTS Acquire kvm-srcu when processing KVMSETVCPUEVENTS. When SMM mode is toggled, KVM will forcibly leave the nested VMX/SVM state. Leaving such a state also results in...

PT-2025-6395 · Amd · Sev-Snp

Name of the Vulnerable Software and Affected Versions: SEV-SNP affected versions not specified Description: The issue is related to the improper handling of invalid nested page table entries in the IOMMU, which may allow a privileged attacker to induce page table entry PTE faults. This could...

AMD Server Processor 安全漏洞

AMD Server Processor is a processor product for the server market from UltraMicro Semiconductor AMD that is primarily used in data centers, cloud computing, and high-performance computing. A security vulnerability exists in AMD Server Processor that stems from the improper handling of invalid...

encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

EulerOS 2.0 SP12 : golang (EulerOS-SA-2025-1190)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.CVE-2024-3415...