Elasticsearch 8.13.1 <= 8.13.4 DoS (ESA-2024-14)

The version of Elasticsearch installed on the remote host is between 8.13.1 and 8.13.4. It is, therefore, affected by a denial of service DoS vulnerability as referenced in the ESA-2024-14 advisory: - A flaw was discovered in Elasticsearch, affecting document ingestion when an index template...

stackoverflow.com Cross Site Scripting vulnerability OBB-3934573

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

SUSE CVE-2024-37280

A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of "passthrough" type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of...

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

The vulnerability of the formWifiWpsStart function (/goform/WifiWpsStart) in the Tenda AC10U router software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the formWifiWpsStart function /goform/WifiWpsStart in the Tenda AC10U router software is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

MGASA-2024-0069 Updated jackson-databind packages fix security vulnerabilities

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. CVE-2020-36518 In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value...

Updated jackson-databind packages fix security vulnerabilities

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. CVE-2020-36518 In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value...

CVE-2024-28383

Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub431CF0 function...

Amazon Linux 2 : woodstox-core (ALAS-2024-2463)

The version of woodstox-core installed on the remote host is prior to 4.1.2-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2463 advisory. Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support is enabled. If the...

Elasticsearch - StackOverflow DoS

Exploit Author: TOUHAMI KASBAOUI Vendor Homepage: https://elastic.co/ Version: 8.5.3 / OpenSearch Tested on: Ubuntu 20.04 LTS CVE : CVE-2023-31419 Ref: https://github.com/sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419 import requests import random import string esurl =...

pwncli

This is an offensive tool for binary exploitation. The primary vulnerability targeted is not explicitly stated, but the code and documentation suggest that it is a buffer overflow vulnerability in a binary named "stackoverflownopie" and "stackoverflowpie". The tool, named "pwncli", is designed to...

Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5crp-9r3c-p9vr. This link is maintained to preserve external references. Original Description Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted...

GHSA-8RFX-6MR3-5JH3 Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5crp-9r3c-p9vr. This link is maintained to preserve external references. Original Description Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted...

CVE-2024-21907

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an...

Race condition

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an...

CVE-2024-21907

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an...

UBUNTU-CVE-2024-21907

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an...

CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an...

CVE-2023-51097

Tenda W9 V1.0.0.74456CN was discovered to contain a stack overflow via the function formSetAutoPing...

PT-2023-31715 · Unknown · Microhttpserver

Name of the Vulnerable Software and Affected Versions: MicroHttpServer versions through 4398570 Description: The issue allows a stack-based buffer overflow and potentially remote code execution via a long URI. This is due to the ReadStaticFiles function in lib/middleware.c. Recommendations: For...