Lucene search
K

58 matches found

OSV
OSV
added 2025/08/19 5:3 p.m.10 views

CVE-2025-38614 eventpoll: Fix semi-unbounded recursion

In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EPMAXNESTS+1 links. Currently, eploopcheckproc ensures that the graph is loop-free and does some recursion depth checks, but...

5.5CVSS6.1AI score0.00153EPSS
Exploits0References13
CVE
CVE
added 2025/08/19 5:3 p.m.49 views

CVE-2025-38614

The CVE-2025-38614 entry describes a Linux kernel vulnerability in eventpoll where recursion depth in ep_loop_check_proc() could form deep trees and trigger semi-unbounded recursion. The root cause involved two shortcomings: (1) the depth checks did not consider upward paths, and (2) multiple dow...

5.5CVSS7AI score0.00153EPSS
Exploits0References10Affected Software1
RedHat Linux
RedHat Linux
added 2025/06/30 1:16 p.m.4 views

json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...

7.5CVSS7.2AI score0.01119EPSS
Exploits1References6
OSV
OSV
added 2025/06/25 5:2 p.m.7 views

CVE-2025-52999 jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data

jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly...

8.7CVSS6.9AI score0.00634EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/05/30 8:24 p.m.2 views

json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...

7.5CVSS7.2AI score0.01119EPSS
Exploits1References6
Debian
Debian
added 2023/08/07 7:53 p.m.15 views

[SECURITY] [DLA 3520-1] libhtmlcleaner-java security update

Debian LTS Advisory DLA-3520-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany August 07, 2023 https://wiki.debian.org/LTS Package : libhtmlcleaner-java Version : 2.21-5+deb10u1 CVE ID : CVE-2023-34624 A security vulnerability has been discovered in...

7.5CVSS7AI score0.01048EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/07/26 12:0 a.m.19 views

EulerOS Virtualization 3.0.6.6 : expat (EulerOS-SA-2023-2422)

According to the versions of the expat packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Expat aka libexpat before 2.4.5, an attacker can trigger stack exhaustion in buildmodel via a large nesting depth in the DTD...

9.8CVSS7.6AI score0.04781EPSS
Exploits1References4
Veracode
Veracode
added 2023/06/23 3:57 a.m.31 views

Denial Of Services (DoS)

flexjson is vulnerable to Denial Of Services DoS. The vulnerability exists due to a lack of nesting depth checks in the library, allowing an attacker to cause an application crash by passing a maliciously crafted JSON string...

7.5CVSS6.6AI score0.01175EPSS
Exploits1References5Affected Software1
RedHat Linux
RedHat Linux
added 2023/06/15 9:3 a.m.6 views

json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...

7.5CVSS6.9AI score0.01119EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2022/11/03 2:55 p.m.5 views

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

7.5CVSS6.7AI score0.0486EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/08/30 12:0 a.m.7 views

SnakeYAML 资源管理错误漏洞

SnakeYAML is a Java-based YAML parser. A security vulnerability exists in SnakeYAML 1.31 and earlier versions, which stems from a denial of service DoS issue due to the lack of a nesting depth limit for collections...

7.5CVSS8.9AI score0.02191EPSS
Exploits2References27
Microsoft CVE
Microsoft CVE
added 2022/08/16 7:0 a.m.4 views

Stack exhaustion from deeply nested XML documents in encoding/xml

...

7.5CVSS7.4AI score0.01875EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2022/02/25 8:0 a.m.4 views

In Expat (aka libexpat) before 2.4.5 an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

...

6.5CVSS6.9AI score0.03268EPSS
Exploits0
OSV
OSV
added 2022/02/18 5:15 a.m.3 views

DEBIAN-CVE-2022-25313

In Expat aka libexpat before 2.4.5, an attacker can trigger stack exhaustion in buildmodel via a large nesting depth in the DTD element...

6.5CVSS6.5AI score0.03268EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2022/02/18 5:15 a.m.60 views

CVE-2022-25313

In Expat aka libexpat before 2.4.5, an attacker can trigger stack exhaustion in buildmodel via a large nesting depth in the DTD element...

6.5CVSS6.8AI score0.03268EPSS
Exploits0References3
OSV
OSV
added 2022/02/18 5:15 a.m.5 views

UBUNTU-CVE-2022-25313

In Expat aka libexpat before 2.4.5, an attacker can trigger stack exhaustion in buildmodel via a large nesting depth in the DTD element...

6.5CVSS6.7AI score0.03268EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/02/18 4:23 a.m.24 views

CVE-2022-25313

In Expat aka libexpat before 2.4.5, an attacker can trigger stack exhaustion in buildmodel via a large nesting depth in the DTD element...

8.1AI score0.03268EPSS
Exploits0References10
OSV
OSV
added 2018/04/04 7:29 a.m.3 views

UBUNTU-CVE-2018-9262

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth...

7.5CVSS6.7AI score0.02337EPSS
Exploits1References5
Rows per page
Query Builder