592 matches found
Amazon Linux 2 : jackson (ALAS-2025-2934)
The version of jackson installed on the remote host is prior to 1.9.4-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2934 advisory. jackson-core contains core low-level incremental streaming parser and generator abstractions used by Jackson Data Processor. In...
libxml: Type confusion leads to Denial of service (DoS)
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined...
USN-7010-2 dcmtk regression
USN-7010-1 fixed vulnerabilities in DCMTK. The update introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If a user or an automated system were tricked into...
jackson-core can throw a StackoverflowError when processing deeply nested data
Impact With older versions of jackson-core, if you parse an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. Patches jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input...
CVE-2025-52999 jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data
jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly...
CVE-2025-52999 jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data
jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly...
HTTP Response Splitting
org.springframework:spring-web is vulnerable to HTTP Response Splitting. The vulnerability is due to improper input sanitization due to using unsanitized user-supplied input with non-ASCII charsets in ContentDisposition.BuilderfilenameString, Charset, allowing attackers to inject malicious conten...
UBUNTU-CVE-2025-49796
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined...
VulnCheck KEV: CVE-2014-2383
dompdf.php in dompdf before 0.6.1, when DOMPDFENABLEPHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the inputfile parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in...
CVE-2023-28669
Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...
CVE-2020-6976
Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. An out-of-bounds read overflow can be exploited when a valid user opens a specially crafted, malicious input file due to the lack of validation...
CVE-2019-10984
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers...
CVE-2019-10978
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area...
CVE-2018-17201
Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan incubating was renamed to Apache Commons Imaging...
Jenkins AnchorChain Plugin Has a Cross-Site Scripting (XSS) Vulnerability
Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step...
CVE-2025-30196
Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step...
CVE-2025-30196
CVE-2025-30196 concerns Jenkins AnchorChain Plugin 1.0. The vulnerability arises because the plugin does not restrict URL schemes in links created from workspace content, allowing the javascript: scheme and enabling stored XSS when an attacker can control the input file for the Anchor Chain post-...
CVE-2025-25944
Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the Ap4RtpAtom.cpp, specifically in AP4RtpAtom::AP4RtpAtom, during the execution of mp4fragment with a crafted MP4 input file...
CVE-2025-25947
An issue in Bento4 v1.6.0-641 allows an attacker to trigger a segmentation fault via Ap4Atom.cpp, specifically in AP4AtomParent::RemoveChild, during the execution of mp4encrypt with a specially crafted MP4 input file...
CVE-2025-25946
CVE-2025-25946 affects Bento4 v1.6.0-641. The issue is a memory leak exploitable via mp4encrypt, due to code in Ap4Marlin.cpp and Ap4Processor.cpp (AP4_MarlinIpmpEncryptingProcessor::Initialize and AP4_Processor::Process). A crafted MP4 input file triggers the leak. Affected components/files and ...