Important: amazon-cloudwatch-agent
Issue Overview: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion (CVE-2024-34155). Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting...
CVE-2024-57257
A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising...
CVE-2024-57257
A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting...
UBUNTU-CVE-2024-57257
A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting...
SUSE CVE-2024-57257
A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting...
DENX Software Engineering Das U-Boot security vulnerability
DENX Software Engineering Das U-Boot is a Universal Bootloader from DENX Software Engineering, Germany. A security vulnerability exists in versions prior to DENX Software Engineering Das U-Boot 2025.01-rc1 that stems from stack exhaustion due to deep symbolic link nesting in squashfs...
CVE-2024-57257
CVE-2024-57257 describes a stack consumption issue in sqfs_size in Das U-Boot prior to 2025.01-rc1 triggered by a crafted squashfs filesystem with deep symlink nesting. The vulnerability affects Das U-Boot’s handling of SquashFS structures and may lead to stack exhaustion. Connected sources confi...
Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 5.6.27
Logging for Red Hat OpenShift - 5.6.27. dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)...
Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 5.8.16
Logging for Red Hat OpenShift - 5.8.16. dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)...
CVE-2024-48875
In the Linux kernel, CVE-2024-48875 is described as a fix for a btrfs issue: don’t take the dev_replace rwsem if the task already holds it. The root cause is a possible deadlock when btrfs_dev_replace flow takes the same rwsem twice during operations like btrfs_map_block, as demonstrated by a loc...
PT-2026-5506
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.18.0-rc1+git. Description: The Linux kernel contains a flaw related to interrupt handling. Specifically, the issue involves dropping the IRQF_NO_THREAD flag in the counter module, potentially leading to a BUG:...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.6
Red Hat OpenShift Service Mesh Containers for 2.5.6. This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...
dompurify: nesting-based mutation XSS vulnerability
A flaw was found in DOMPurify that could allow for a nesting-based mXSS to not be properly sanitized...
Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156). dompurify:...
Twig has unguarded calls to `__toString()` when nesting an object into an array
Description: In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter, for instance). Resolution: The sandbox mode now checks the `__toString()` meth...
kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning
A flaw (incorrect memory access) was found in the Linux kernel Mellanox network Ethernet or RDMA device driver. A local user could use this flaw to crash the system...