CVE-2022-1587

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the getrecursedatalength function of the pcre2jitcompile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers...

GHSA-RJ4P-7MM6-GM9J JBossWS vulnerable to uncontrolled recursion

DOMUtils.java in org.jboss.ws:jbossws-common does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested...

GHSA-MQMP-4MCP-VG8V Apache ORC vulnerable to Uncontrolled Recursion

In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the...

Apache ORC vulnerable to Uncontrolled Recursion

In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the...

ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is system availability...

NewStart CGSL MAIN 6.02 : krb5 Vulnerability (NS-SA-2022-0057)

The remote NewStart CGSL host, running version MAIN 6.02, has krb5 packages installed that are affected by a vulnerability: - MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c...

NewStart CGSL CORE 5.05 / MAIN 5.05 : glibc Multiple Vulnerabilities (NS-SA-2022-0031)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has glibc packages installed that are affected by multiple vulnerabilities: - The posixspawnfileactionsaddopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allo...

EulerOS Virtualization 2.9.0 : systemd (EulerOS-SA-2022-1639)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too...

Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2022-1639)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5389-1: Libcroco vulnerabilities

It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. CVE-2017-7960 It was discovered that Libcroco was incorrectly handling invali...

USN-5389-1 libcroco vulnerabilities

It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. CVE-2017-7960 It was discovered that Libcroco was incorrectly handling invali...

Hitachi Energy System Data Manager

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: System Data Manager – SDM600 Vulnerabilities: Integer Overflow or Wraparound, Reachable Assertion, Type Confusion, Uncontrolled Recursion, Observable Discrepancy 2. RISK...

Ubuntu 16.04 ESM : Libcroco vulnerabilities (USN-5389-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5389-1 advisory. It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a heap buffer overflow. An...

GSD-2022-1001401 powerpc/set_memory: Avoid spinlock recursion in change_page_attr()

powerpc/setmemory: Avoid spinlock recursion in changepageattr This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.20 by commit...

Slackware: Security Advisory (SSA:2013-287-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2022-1439)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2022-1497)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2022:0736-2 Security update for vim

This update for vim fixes the following issues: - CVE-2022-0318: Fixed heap-based buffer overflow bsc1195004. - CVE-2021-3796: Fixed use-after-free in nvreplace in normal.c bsc1190570. - CVE-2021-3872: Fixed heap-based buffer overflow in winredrstatus drawscreen.c bsc1191893. - CVE-2021-3927: Fix...

MGASA-2022-0145 Updated mediawiki packages fix security vulnerability

Title::newMainPage goes into an infinite recursion loop if it points to a local interwiki CVE-2022-28201. Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete CVE-2022-28202. Requesting Special:NewFiles on a wiki with many file uploads with acto...

PT-2022-18870 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.6 MediaWiki versions 1.36.x prior to 1.36.4 MediaWiki versions 1.37.x prior to 1.37.2 Description: An issue was discovered in MediaWiki where users with the editinterface permission can trigger infinite...