Lucene search
K

433 matches found

Positive Technologies
Positive Technologies
added 2022/07/12 12:0 a.m.4 views

PT-2022-20224 · Go +9 · Go +9

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.17.12 Go versions prior to 1.18.4 Description: The issue is related to uncontrolled recursion in the Decoder.Decode function in the encoding/gob package. This allows an attacker to cause a panic due to stack exhaustion ...

9.8CVSS7.1AI score0.10299EPSS
Exploits15References378
Github Security Blog
Github Security Blog
added 2022/06/17 12:18 a.m.25 views

Stack overflow in rustc_serialize when parsing deeply nested JSON

When parsing JSON using json::Json::fromstr, there is no limit to the depth of the stack, therefore deeply nested objects can cause a stack overflow, which aborts the process. Example code that triggers the vulnerability is rust fn main let = rustcserialize::json::Json::fromstr&"0,".repeat10000;...

3.6AI score
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2022/05/18 1:29 a.m.5 views

Mozilla: Bypassing permission prompt in nested browsing contexts

The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...

8.8CVSS7.3AI score0.00848EPSS
Exploits0References6
Veracode
Veracode
added 2022/05/07 2:3 a.m.71 views

Authentication Bypass

firefox is vulnerable to authentication bypass. An attacker with the document in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...

8.8CVSS3.2AI score0.00848EPSS
Exploits0References6Affected Software6
RedHat Linux
RedHat Linux
added 2022/05/04 12:11 p.m.1 views

Mozilla: Bypassing permission prompt in nested browsing contexts

The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...

8.8CVSS7.3AI score0.00848EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/05/04 11:20 a.m.1 views

Mozilla: Bypassing permission prompt in nested browsing contexts

The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...

8.8CVSS7.3AI score0.00848EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/03/05 8:15 p.m.9 views

CVE-2022-24921

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression...

7.5CVSS7.3AI score0.03255EPSS
Exploits0References8
RustSec
RustSec
added 2022/01/01 12:0 p.m.15 views

Stack overflow in rustc_serialize when parsing deeply nested JSON

When parsing JSON using json::Json::fromstr, there is no limit to the depth of the stack, therefore deeply nested objects can cause a stack overflow, which aborts the process. Example code that triggers the vulnerability is rust fn main let = rustcserialize::json::Json::fromstr&"0,".repeat10000;...

3.6AI score
Exploits0
OSV
OSV
added 2021/12/07 10:15 p.m.4 views

DEBIAN-CVE-2021-42717

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large e.g., 300KB HTTP request can occupy one of the limited NGINX worke...

7.5CVSS7.8AI score0.03206EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2021/02/01 12:0 a.m.29 views

CentOS 8 : dovecot (CESA-2020:3713)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3713 advisory. - dovecot: Resource exhaustion via deeply nested MIME parts CVE-2020-12100 - dovecot: Out of bound reads in dovecot NTLM implementation CVE-2020-12673 ...

7.5CVSS6.8AI score0.06187EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2020/09/14 12:48 p.m.58 views

Important: Red Hat Security Advisory: dovecot security update

An update for dovecot is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.5CVSS6.8AI score0.06187EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2020/09/14 12:0 a.m.34 views

CentOS 7 : dovecot (RHSA-2020:3617)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3617 advisory. - In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service resource...

7.5CVSS6.7AI score0.06187EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2020/09/03 12:0 a.m.23 views

RHEL 7 : dovecot (RHSA-2020:3617)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3617 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...

7.5CVSS6.9AI score0.06187EPSS
Exploits4References8
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.26 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : xerces-c Vulnerability (NS-SA-2019-0072)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xerces-c packages installed that are affected by a vulnerability: - A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an...

7.5CVSS6.4AI score0.1425EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/12/28 12:0 a.m.29 views

EulerOS 2.0 SP2 : xerces-c (EulerOS-SA-2018-1422)

According to the version of the xerces-c package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - xerces-c: Stack overflow when parsing deeply nested DTD CVE-2016-4463 Note that Tenable Network Security has extracted the preceding description...

7.5CVSS6.5AI score0.1425EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2018/11/06 4:24 p.m.4 views

xerces-c: Stack overflow when parsing deeply nested DTD

A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data...

7.5CVSS7.3AI score0.1425EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/11/06 3:50 p.m.2 views

xerces-c: Stack overflow when parsing deeply nested DTD

A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data...

7.5CVSS7.3AI score0.1425EPSS
Exploits0References5
NVD
NVD
added 2018/05/31 8:29 p.m.20 views

CVE-2014-10064

The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...

7.5CVSS7.9AI score0.01286EPSS
Exploits0References1
CNVD
CNVD
added 2016/07/01 12:0 a.m.4 views

Apache xerces-c stack buffer overflow vulnerability

Apache Xerces is an XML syntax parser from the Apache Software Foundation in the U.S. Apache Xerces-C is its language version. A stack buffer overflow vulnerability exists in xerces-c because the program fails to properly parse deeply nested DTDs, which can be exploited by a remote attacker to...

7.5CVSS9.7AI score0.1425EPSS
Exploits0References1
CNVD
CNVD
added 2016/05/04 12:0 a.m.4 views

Wireshark ASN.1 BER parser denial of service vulnerability (CNVD-2016-02775)

Wireshark formerly known as Ethereal is a suite of network packet analysis software developed by the Wireshark team. A denial of service vulnerability exists in the epan/dissectors/packet-ber.c file in the ASN.1 BER parser in Wireshark versions 1.12.x prior to 1.12.10, and versions 2.x prior to...

5.9CVSS7.5AI score0.01354EPSS
Exploits0References1
Rows per page
Query Builder