Lucene search
+L

592 matches found

Tenable Nessus
Tenable Nessus
added 2025/07/31 12:0 a.m.7 views

Amazon Linux 2 : jackson (ALAS-2025-2934)

The version of jackson installed on the remote host is prior to 1.9.4-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2934 advisory. jackson-core contains core low-level incremental streaming parser and generator abstractions used by Jackson Data Processor. In...

8.7CVSS7.2AI score0.00634EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/07/30 7:14 a.m.4 views

libxml: Type confusion leads to Denial of service (DoS)

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined...

9.1CVSS7.1AI score0.01437EPSS
Exploits0References5
OSV
OSV
added 2025/07/08 5:47 a.m.2 views

USN-7010-2 dcmtk regression

USN-7010-1 fixed vulnerabilities in DCMTK. The update introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If a user or an automated system were tricked into...

7.5CVSS7.1AI score0.01633EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/06/27 3:22 p.m.10 views

jackson-core can throw a StackoverflowError when processing deeply nested data

Impact With older versions of jackson-core, if you parse an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. Patches jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input...

8.7CVSS6.2AI score0.00634EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/06/25 5:2 p.m.15 views

CVE-2025-52999 jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data

jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly...

8.7CVSS0.00634EPSS
Exploits0References2
OSV
OSV
added 2025/06/25 5:2 p.m.8 views

CVE-2025-52999 jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data

jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly...

8.7CVSS6.9AI score0.00634EPSS
Exploits0References4
Veracode
Veracode
added 2025/06/17 9:40 a.m.4 views

HTTP Response Splitting

org.springframework:spring-web is vulnerable to HTTP Response Splitting. The vulnerability is due to improper input sanitization due to using unsanitized user-supplied input with non-ASCII charsets in ContentDisposition.BuilderfilenameString, Charset, allowing attackers to inject malicious conten...

6.5CVSS6.2AI score0.00533EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/06/16 4:15 p.m.4 views

UBUNTU-CVE-2025-49796

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined...

9.1CVSS6.7AI score0.01437EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.8 views

VulnCheck KEV: CVE-2014-2383

dompdf.php in dompdf before 0.6.1, when DOMPDFENABLEPHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the inputfile parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in...

6.8CVSS5.9AI score0.39231EPSS
Exploits6References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:37 a.m.10 views

CVE-2023-28669

Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...

5.4CVSS5.4AI score0.0056EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:46 p.m.11 views

CVE-2020-6976

Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. An out-of-bounds read overflow can be exploited when a valid user opens a specially crafted, malicious input file due to the lack of validation...

5.5CVSS7AI score0.00832EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:21 a.m.11 views

CVE-2019-10984

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers...

7.8CVSS7AI score0.01002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:52 a.m.13 views

CVE-2019-10978

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area...

7.8CVSS7AI score0.00861EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:29 a.m.13 views

CVE-2018-17201

Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan incubating was renamed to Apache Commons Imaging...

7.5CVSS6.9AI score0.01931EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/03/19 6:30 p.m.22 views

Jenkins AnchorChain Plugin Has a Cross-Site Scripting (XSS) Vulnerability

Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step...

6.5CVSS5.4AI score0.00274EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/19 3:38 p.m.10 views

CVE-2025-30196

Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step...

5.4AI score0.00274EPSS
Exploits0References1
CVE
CVE
added 2025/03/19 3:38 p.m.74 views

CVE-2025-30196

CVE-2025-30196 concerns Jenkins AnchorChain Plugin 1.0. The vulnerability arises because the plugin does not restrict URL schemes in links created from workspace content, allowing the javascript: scheme and enabling stored XSS when an attacker can control the input file for the Anchor Chain post-...

6.5CVSS5.4AI score0.00274EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/21 12:24 a.m.15 views

CVE-2025-25944

Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the Ap4RtpAtom.cpp, specifically in AP4RtpAtom::AP4RtpAtom, during the execution of mp4fragment with a crafted MP4 input file...

7.3CVSS7.6AI score0.00232EPSS
Exploits1References1
NVD
NVD
added 2025/02/19 11:15 p.m.31 views

CVE-2025-25947

An issue in Bento4 v1.6.0-641 allows an attacker to trigger a segmentation fault via Ap4Atom.cpp, specifically in AP4AtomParent::RemoveChild, during the execution of mp4encrypt with a specially crafted MP4 input file...

5.5CVSS0.00207EPSS
Exploits1References1
CVE
CVE
added 2025/02/19 12:0 a.m.69 views

CVE-2025-25946

CVE-2025-25946 affects Bento4 v1.6.0-641. The issue is a memory leak exploitable via mp4encrypt, due to code in Ap4Marlin.cpp and Ap4Processor.cpp (AP4_MarlinIpmpEncryptingProcessor::Initialize and AP4_Processor::Process). A crafted MP4 input file triggers the leak. Affected components/files and ...

5.5CVSS6.6AI score0.00207EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder