433 matches found
PT-2022-20224 · Go +9 · Go +9
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.17.12 Go versions prior to 1.18.4 Description: The issue is related to uncontrolled recursion in the Decoder.Decode function in the encoding/gob package. This allows an attacker to cause a panic due to stack exhaustion ...
Stack overflow in rustc_serialize when parsing deeply nested JSON
When parsing JSON using json::Json::fromstr, there is no limit to the depth of the stack, therefore deeply nested objects can cause a stack overflow, which aborts the process. Example code that triggers the vulnerability is rust fn main let = rustcserialize::json::Json::fromstr&"0,".repeat10000;...
Mozilla: Bypassing permission prompt in nested browsing contexts
The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...
Authentication Bypass
firefox is vulnerable to authentication bypass. An attacker with the document in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...
Mozilla: Bypassing permission prompt in nested browsing contexts
The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...
Mozilla: Bypassing permission prompt in nested browsing contexts
The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...
CVE-2022-24921
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression...
Stack overflow in rustc_serialize when parsing deeply nested JSON
When parsing JSON using json::Json::fromstr, there is no limit to the depth of the stack, therefore deeply nested objects can cause a stack overflow, which aborts the process. Example code that triggers the vulnerability is rust fn main let = rustcserialize::json::Json::fromstr&"0,".repeat10000;...
DEBIAN-CVE-2021-42717
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large e.g., 300KB HTTP request can occupy one of the limited NGINX worke...
CentOS 8 : dovecot (CESA-2020:3713)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3713 advisory. - dovecot: Resource exhaustion via deeply nested MIME parts CVE-2020-12100 - dovecot: Out of bound reads in dovecot NTLM implementation CVE-2020-12673 ...
Important: Red Hat Security Advisory: dovecot security update
An update for dovecot is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CentOS 7 : dovecot (RHSA-2020:3617)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3617 advisory. - In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service resource...
RHEL 7 : dovecot (RHSA-2020:3617)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3617 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...
NewStart CGSL CORE 5.04 / MAIN 5.04 : xerces-c Vulnerability (NS-SA-2019-0072)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xerces-c packages installed that are affected by a vulnerability: - A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an...
EulerOS 2.0 SP2 : xerces-c (EulerOS-SA-2018-1422)
According to the version of the xerces-c package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - xerces-c: Stack overflow when parsing deeply nested DTD CVE-2016-4463 Note that Tenable Network Security has extracted the preceding description...
xerces-c: Stack overflow when parsing deeply nested DTD
A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data...
xerces-c: Stack overflow when parsing deeply nested DTD
A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data...
CVE-2014-10064
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...
Apache xerces-c stack buffer overflow vulnerability
Apache Xerces is an XML syntax parser from the Apache Software Foundation in the U.S. Apache Xerces-C is its language version. A stack buffer overflow vulnerability exists in xerces-c because the program fails to properly parse deeply nested DTDs, which can be exploited by a remote attacker to...
Wireshark ASN.1 BER parser denial of service vulnerability (CNVD-2016-02775)
Wireshark formerly known as Ethereal is a suite of network packet analysis software developed by the Wireshark team. A denial of service vulnerability exists in the epan/dissectors/packet-ber.c file in the ASN.1 BER parser in Wireshark versions 1.12.x prior to 1.12.10, and versions 2.x prior to...