200 matches found

RedHat Linux
added 2022/10/05 2:50 p.m. · 5 views

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections...

7.5 CVSS · 6.8 AI score · 0.02112 EPSS
Exploits 2 · References 5
OSV
added 2022/08/31 12:0 a.m. · 5 views

GHSA-3MC7-4Q67-W48M Uncontrolled Resource Consumption in snakeyaml

The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collections...

7.5 CVSS · 6.8 AI score · 0.02112 EPSS
Exploits 2 · References 8
OSV
added 2022/08/30 5:15 a.m. · 4 views

DEBIAN-CVE-2022-25857

The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collections...

7.5 CVSS · 6.5 AI score · 0.02112 EPSS
Exploits 2 · References 1
ATTACKERKB
added 2022/08/30 5:0 a.m. · 2 views

CVE-2022-25857

The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collections...

7.5 CVSS · 6.8 AI score · 0.02112 EPSS
Exploits 2 · References 7
Positive Technologies
added 2022/08/30 12:0 a.m. · 4 views

PT-2022-6923 · Unknown +8 · Org.Yaml:Snakeyaml +8

Name of the Vulnerable Software and Affected Versions: org.yaml:snakeyaml versions 0 through 1.30. Description: The issue is related to a Denial of Service (DoS) vulnerability due to missing nested depth limitation for collections in the SnakeYAML library, which is used for serialization and...

9 CVSS · 6.7 AI score · 0.22709 EPSS
Exploits 3 · References 77
OSV
added 2022/06/03 10:18 p.m. · 2 views

GHSA-V8X6-59G4-5G3W Denial of service binding form from JSON in Play Framework

Impact: A denial-of-service vulnerability has been discovered in Play's forms library, in both the Scala and Java APIs. This can occur when using either the FormbindFromRequest method on a JSON request body or the Formbind method directly on a JSON value. If the JSON data being bound to the form...

7.5 CVSS · 5.8 AI score · 0.01573 EPSS
Exploits 0 · References 5
Vulnrichment
added 2022/06/02 4:45 p.m. · 7 views

CVE-2022-31018 Denial of service binding form from JSON in Play Framework

Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in versions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the FormbindFromRequest method on a JSON request body or the...

7.5 CVSS · 7.5 AI score · 0.01573 EPSS
Exploits 0 · References 3
Kitploit
added 2022/05/05 12:30 p.m. · 33 views

Graphql-Threat-Matrix - GraphQL Threat Framework Used By Security Professionals To Research Security Gaps In GraphQL Implementations

Why graphql-threat-matrix? graphql-threat-matrix was built for bug bounty hunters, security researchers and hackers to assist with uncovering vulnerabilities across multiple GraphQL implementations. The differences in how GraphQL implementations interpret and conform to the GraphQL specification...

7.5 AI score
Exploits 0 · References 40
Snyk
added 2022/05/01 1:50 p.m. · 4 views

Denial of Service (DoS)

Overview: org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java. Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collections. NOTE: This vulnerability has also been identified as: CVE-2022-38749. Details: Denial of Service D...

7.5 CVSS · 7.1 AI score · 0.02112 EPSS
Exploits 2 · References 2
OpenVAS
added 2021/06/09 12:0 a.m. · 20 views

SUSE: Security Advisory (SUSE-SU-2015:0488-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS · 8.7 AI score · 0.65683 EPSS
Exploits 0 · References 2
NVD
added 2021/03/11 1:15 a.m. · 19 views

CVE-2020-1898

The fbunserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58....

7.5 CVSS · 0.01211 EPSS
Exploits 0 · References 2
Prion
added 2021/03/11 1:15 a.m. · 18 views

Deserialization of untrusted data

The fbunserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58....

5 CVSS · 7.4 AI score · 0.01211 EPSS
Exploits 0 · References 2 · Affected Software 1
UbuntuCve
added 2021/03/11 1:15 a.m. · 27 views

CVE-2020-1898

The fbunserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58....

7.5 CVSS · 7.1 AI score · 0.01211 EPSS
Exploits 0 · References 3
NVD
added 2020/08/10 8:15 p.m. · 22 views

CVE-2020-9243

HUAWEI Mate 30 with versions earlier than 10.1.0.150C00E136R5P3 have a denial of service vulnerability. The system does not properly limit the depth of recursion; an attacker should trick the user into installing and executing a malicious application. Successful exploit could cause a denial of service...

5.5 CVSS · 5.5 AI score · 0.00469 EPSS
Exploits 0 · References 1
Kitploit
added 2020/06/04 9:30 p.m. · 66 views

Jshole - A JavaScript Components Vulnrability Scanner, Based On RetireJS

A JavaScript components vulnerability scanner, based on RetireJS. Why use JShole instead of RetireJS? By default, RetireJS only searches one page, but JShole tries to crawl all pages. How it works? Get Started Requirements requests Install git clone https://github.com/callforpapers-source/jshole.g...

7.2 AI score
Exploits 0 · References 1
Veracode
added 2018/04/11 12:27 a.m. · 34 views

Denial Of Service (DoS)

spring-data-commons is vulnerable to denial-of-service (DoS) attacks. The vulnerability exists due to the lack of sane limits of depths when parsing a PropertyPath value, allowing attackers to cause a DoS attack through CPU and memory consumption by specifying a path with a large amount of depth...

7.5 CVSS · 7.8 AI score · 0.01969 EPSS
Exploits 0 · References 6 · Affected Software 4
RedhatCVE
added 2018/04/10 2:21 p.m. · 33 views

CVE-2018-9256

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth...

7.5 CVSS · 2.5 AI score · 0.02337 EPSS
Exploits 1 · References 1
OSV
added 2018/01/11 9:29 p.m. · 2 views

UBUNTU-CVE-2018-5336

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth...

7.5 CVSS · 6.7 AI score · 0.02692 EPSS
Exploits 0 · References 6
Tenable Nessus
added 2014/12/15 12:0 a.m. · 39 views

FreeBSD : bind -- denial of service vulnerability (ab3e98d9-8175-11e4-907d-d050992ecde8)

ISC reports: We have today posted updated versions of 9.9.6 and 9.10.1 to address a significant security vulnerability in DNS resolution. The flaw was discovered by Florian Maury of ANSSI, and applies to any recursive resolver that does not support a limit on the number of recursions...

7.8 CVSS · 6.7 AI score · 0.65683 EPSS
Exploits 0 · References 4
Metasploit
added 2011/08/21 5:58 a.m. · 35 views

Windows Gather Directory Permissions Enumeration

This module enumerates directories and lists the permissions set on found directories. Please note: if the PATH option isn't specified, then the module will start enumerating whatever is in the target machine's %PATH% variable. This module requires Metasploit: https://metasploit.com/download Curren...

Exploits 0