Lucene search

219 matches found

Tenable Nessus
added 2023/12/04 12:0 a.m., 64 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 (RHSA-2023:7638)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7638 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

CVSS 7.5, AI score 7.3, EPSS 0.99999
Exploits 19, References 43

Tenable Nessus
added 2023/12/04 12:0 a.m., 34 views

Amazon Linux 2 : jettison (ALAS-2023-2363)

The version of jettison installed on the remote host is prior to 1.3.3-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2363 advisory. Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is...

CVSS 7.5, AI score 7.1, EPSS 0.01231
Exploits 0, References 4

Github Security Blog
added 2023/12/01 7:23 p.m., 49 views

OpenSearch StackOverflow vulnerability

Impact A flaw was discovered in OpenSearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. The issue was identified by Elastic Engineering and corresponds to security advisory ESA-2023-14 CVE-2023-31419...

CVSS 7.5, AI score 6.9, EPSS 0.60679
Exploits 4, References 2, Affected Software 1

Vulnrichment
added 2023/11/15 12:0 a.m., 16 views

CVE-2023-48014

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c...

AI score 7.7, EPSS 0.00365
Exploits 1, References 2

Atlassian
added 2023/11/12 1:45 p.m., 39 views

DoS (Denial of Service) com.fasterxml.jackson.core in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5, AI score 9.1, EPSS 0.0486
Exploits 1

Cvelist
added 2023/10/26 5:6 p.m., 33 views

CVE-2023-31419 Elasticsearch StackOverflow vulnerability

A flaw was discovered in Elasticsearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service...

CVSS 6.5, AI score 7.4, EPSS 0.60679
Exploits 4, References 3

Atlassian
added 2023/10/06 5:44 p.m., 60 views

jackson-databind Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5, AI score 8.5, EPSS 0.0486
Exploits 1

Prion
added 2023/10/06 5:15 p.m., 25 views

Stack overflow

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function...

CVSS 7.5, AI score 9.5, EPSS 0.01051
Exploits 1, References 2, Affected Software 1

Amazon
added 2023/10/05 12:0 a.m., 47 views

Important: bind

Issue Overview: The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of availab...

CVSS 7.5, AI score 7.1, EPSS 0.02626
Exploits 0

Elastic
added 2023/09/18 8:40 p.m., 4 views

Elasticsearch 8.9.1 / 7.17.13 Security Update

Elasticsearch StackOverflow vulnerability ESA-2023-14 A flaw was discovered in Elasticsearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. Affected Versions: Elasticsearch versions from 7.0.0 to 7.17.12 and fr...

CVSS 7.5, AI score 7.4, EPSS 0.60679
Exploits 4

Cvelist
added 2023/09/08 12:0 a.m., 13 views

CVE-2023-36184

CMysten Labs Sui blockchain v1.2.0 was discovered to contain a stack overflow via the component /spec/openrpc.json...

AI score 7.9, EPSS 0.0092
Exploits 0, References 4

Veracode
added 2023/08/24 8:39 a.m., 13 views

Denial Of Service (DoS)

libsass.so is vulnerable to Denial Of Service (DoS). The vulnerability exists in ComplexSelector::has_placeholder at ast_selectors.cpp due to a stack overflow which allows an attacker to cause an application crash...

CVSS 7.5, AI score 6.9, EPSS 0.01252
Exploits 1, References 5, Affected Software 2

Veracode
added 2023/08/10 3:17 a.m., 17 views

Denial Of Service (DoS)

com.fasterxml.jackson.dataformat: jackson-dataformat-toml is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to a lack of a max nesting depth; if the TOML parser is run on user-supplied input, an attacker is able to cause a stack overflow, resulting in an application crash...

CVSS 7.5, AI score 6.7, EPSS 0.00741
Exploits 0, References 5, Affected Software 1

Vulnrichment
added 2023/07/14 12:0 a.m., 11 views

CVE-2023-37716

Tenda F1202 V1.0BRV1.2.0.20408 and FH1202V1.2.0.19EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting...

AI score 7.9, EPSS 0.00776
Exploits 1, References 1

Cvelist
added 2023/07/06 12:0 a.m., 22 views

CVE-2020-22336

An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function...

AI score 9.8, EPSS 0.01097
Exploits 1, References 2

Amazon
added 2023/06/07 12:0 a.m., 7 views

Medium: snakeyaml

Issue Overview: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. CVE-2022-38750 Affected Packages: snakeyaml Issue...

CVSS 6.5, AI score 6.7, EPSS 0.00988
Exploits 1

NVD
added 2023/05/31 9:15 p.m., 19 views

CVE-2023-33635

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm...

CVSS 7.2, AI score 7.2, EPSS 0.00933
Exploits 0, References 1

UbuntuCve
added 2023/05/10 12:0 a.m., 17 views

CVE-2023-31554

xpdf pdfimages v4.04 was discovered to contain a stack overflow in the component Catalog::readPageLabelTree2(Object*). This vulnerability allows attackers to cause a Denial of Service (DoS)...

AI score 6.9
Exploits 0, References 5

RedHat Linux
added 2023/05/09 10:10 a.m., 3 views

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

CVSS 7.5, AI score 6.7, EPSS 0.0486
Exploits 1, References 5

Huntr
added 2023/05/07 8:48 p.m., 14 views

Potential XSS in content script via StackOverflow about_me

Description Alby has a feature called "batteries", which makes tipping on third party sites easier, e.g. by detecting lightning network addresses and so donating using the extensions becomes easy. One of those sites is stackoverflow. The alby extension will use the stackoverflow/stackexchange API...

AI score 6.3
Exploits 0