Uncontrolled Recursion
Overview: Magick.NET-Q16-OpenMP-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs (https://github.com/dlemstra/Magick.NET/tree/main/docs). Affected versions of this package a...
Uncontrolled Recursion
Overview: Magick.NET-Q16-HDRI-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs (https://github.com/dlemstra/Magick.NET/tree/main/docs). Affected versions of this package are...
Uncontrolled Recursion
Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion via the SVGStartElement and ResizeQuantumMemory functions. An attacker can cause application crashes or resource exhaustion by submitting SVG files that trigger excessive memory allocation. PoC: 1. Generate an SVG...
Security Bulletin: Multiple Vulnerabilities in IBM Event Processing
Summary: Multiple vulnerabilities were addressed in IBM Event Processing version 1.4.5. Vulnerability Details: CVEID: CVE-2025-30218 DESCRIPTION: Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which...
Uncontrolled Recursion
Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion via the d_print_comp_inner function in the cp-demangle.c file while processing a crafted PE file. An attacker can cause the application to crash or become unresponsive by supplying a specially crafted input file...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary: IBM App Connect Enterprise Certified Container (ACEcc) is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.19 LTS and 12.19.0 address the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
SUSE CVE-2023-54086
In the Linux kernel, the following vulnerability has been resolved: bpf: Add preempt_count_{sub,add} into btf id deny list. The recursion check in __bpf_prog_enter* and __bpf_prog_exit* leave preempt_count_{sub,add} unprotected. When attaching trampoline to them we get panic as follows, 867.843050 BUG: TASK stack...
SUSE CVE-2025-68356
In the Linux kernel, the following vulnerability has been resolved: gfs2: Prevent recursive memory reclaim. Function new_inode() returns a new inode with inode->i_mapping->gfp_mask set to GFP_HIGHUSER_MOVABLE. This value includes the __GFP_FS flag, so allocations in that address space can recurse into...
EUVD-2023-60359
In the Linux kernel, the following vulnerability has been resolved: bpf: Add preempt_count_{sub,add} into btf id deny list. The recursion check in __bpf_prog_enter* and __bpf_prog_exit* leave preempt_count_{sub,add} unprotected. When attaching trampoline to them we get panic as follows, 867.843050 BUG: TASK stack...
CVE-2023-54086
In the Linux kernel, the following vulnerability has been resolved: bpf: Add preempt_count_{sub,add} into btf id deny list. The recursion check in __bpf_prog_enter* and __bpf_prog_exit* leave preempt_count_{sub,add} unprotected. When attaching trampoline to them we get panic as follows, 867.843050 BUG: TASK stack...
CVE-2023-54086
The CVE targets the Linux kernel’s BPF trampoline handling. It describes a vulnerability where preempt_count_sub/add was left unprotected in __bpf_prog_enter_recur/__bpf_prog_exit_recur, causing panics and stack/IRQ guard page errors when trampolines are attached. The fix is to add these two func...
CVE-2023-54086 bpf: Add preempt_count_{sub,add} into btf id deny list
In the Linux kernel, the following vulnerability has been resolved: bpf: Add preempt_count_{sub,add} into btf id deny list. The recursion check in __bpf_prog_enter* and __bpf_prog_exit* leave preempt_count_{sub,add} unprotected. When attaching trampoline to them we get panic as follows, 867.843050 BUG: TASK stack...
CVE-2025-68356
CVE-2025-68356 describes a Linux kernel issue in gfs2 where new_inode() could set inode address space GFP masks to GFP_HIGHUSER_MOVABLE, potentially including __GFP_FS and allowing memory reclaim to recurse into filesystem code, risking stack usage and deadlocks. The fix is to remove __GFP_FS fro...
CVE-2025-68356 gfs2: Prevent recursive memory reclaim
In the Linux kernel, the following vulnerability has been resolved: gfs2: Prevent recursive memory reclaim. Function new_inode() returns a new inode with inode->i_mapping->gfp_mask set to GFP_HIGHUSER_MOVABLE. This value includes the __GFP_FS flag, so allocations in that address space can recurse into...
opentelemetry-collector security update
An update is available for opentelemetry-collector. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpris...
RockyLinux 9 : opentelemetry-collector (RLSA-2025:23729)
The remote RockyLinux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2025:23729 advisory. github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation CVE-2025-68156 Tenable has extracted the preceding...
AlmaLinux 10 : opentelemetry-collector (ALSA-2025:23664)
The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:23664 advisory. github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation CVE-2025-68156 Tenable has extracted the preceding...
GO-2025-4245 Expr has Denial of Service via Unbounded Recursion in Builtin Functions in github.com/expr-lang/expr
Expr has Denial of Service via Unbounded Recursion in Builtin Functions in github.com/expr-lang/expr...
Security Bulletin: Multiple security vulnerability fixes in IBM webMethods Managed File Transfer On-Prem
Summary: Multiple vulnerabilities were addressed as part of IBM webMethods Managed File Transfer on-prem in the latest fix MAT11.1ServerFix2. Vulnerability Details: CVEID: CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final...
kernel: mm: slub: avoid wake up kswapd in set_track_prepare
A deadlock (lock recursion) vulnerability exists in the Linux kernel such that, when CONFIG_DEBUG_OBJECTS_TIMERS is set, it may wake up kswapd in set_track_prepare and try to hold the per_cpu(hrtimer_bases)[n].lock...