Exploit for Uncontrolled Recursion in Owasp Modsecurity

Detection-and-Mitigation-script-for-CVE-2021-42717 Detection a...

SUSE-SU-2022:4069-1 Security update for php7

This update for php7 fixes the following issues: - Version update to 7.4.33: - CVE-2022-31630: Fixed out-of-bounds read due to insufficient input validation in imageloadfont bsc1204979. - CVE-2022-37454: Fixed buffer overflow in hashupdate on long parameter bsc1204577. - Version update to 7.4.32...

AlmaLinux 9 : mingw-gcc (ALSA-2022:8415)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:8415 advisory. - GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial ...

Security Bulletin: Vulnerabilities from log4j-core-2.16.0.jar affect IBM Operations Analytics - Log Analysis (CVE-2021-44832, CVE-2021-45105)

Summary log4j-core-2.16.0.jar is vulnerable to remote code execution RCE attack and uncontrolled recursion. This is shipped in Log Analysis. The fix includes Apache Log4j core 2.17.1 Vulnerability Details CVEID:CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission...

Low: Red Hat Security Advisory: mingw-gcc security and bug fix update

An update for mingw-gcc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

gcc: uncontrolled recursion in libiberty/rust-demangle.c

A flaw was discovered in the GNU libiberty library within the demanglepath function in rust-demangle.c, as distributed in the GNU Compiler Collection GCC. This flaw allows a crafted symbol to cause stack memory to be exhausted, leading to a crash...

Oracle Linux 8 : container-tools:3.0 (ELSA-2022-7529)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7529 advisory. - fixes CVE-2021-3602 - amend CVE-2022-1708 - fix CVE-2022-1708 - thanks to Peter Hunt - fix CVE-2022-27650 - fixes CVE-2021-3602 - rc95 fixes...

AlmaLinux 8 : grafana-pcp (ALSA-2022:7648)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:7648 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...

AlmaLinux 8 : grafana (ALSA-2022:7519)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:7519 advisory. - The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting XSS due to improper sanitization in sanitizeUrl function...

SUSE-SU-2022:3957-1 Security update for php72

This update for php72 fixes the following issues: - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. bsc1203867 - CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the...

Oracle Linux 8 : ol8addon (ELSA-2022-23681)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-23681 advisory. golang 1.17.13-1.0.1 - Update tarball to 1.17.12 - Add patches between Go 1.17.12 and Go 1.17.13 - Reviewed-by: David Faust 1.17.12-1 - Update Go to...

Amazon Linux 2022 : golang, golang-bin, golang-misc (ALAS2022-2022-193)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-193 advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating chunked encoding. This issue could allow request smuggling, but only if combined with an...

RHEL 9 : lua (RHSA-2022:7329)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7329 advisory. The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently us...

Uncontrolled Recursion

Overview grpc/grpc-swift is a Swift language implementation of gRPC. Affected versions of this package are vulnerable to Uncontrolled Recursion when parsing certain payloads. This can lead to a Denial-of-Service. Remediation Upgrade grpc/grpc-swift to version 1.2.0 or higher. References - GitHub...

SUSE-SU-2022:3830-1 Security update for php7

This update for php7 fixes the following issues: - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. bsc1203867 - CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the...

The vulnerability of the Decoder.Skip component in the Go programming language is related to an uncontrolled recursion, which allows a hacker to trigger a service failure.

The vulnerability of the Decoder.Skip component in the Go programming language is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

AlmaLinux 8 : git-lfs (ALSA-2022:7129)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:7129 advisory. - In x/text in Go 1.15.4, an index out of range panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. x/text/language is supposed ...

The vulnerability of the Juniper GraphQL execution environment library, related to an uncontrolled recursion, allows a attacker to cause a service failure.

The vulnerability of the Juniper GraphQL execution environment library is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures...

Amazon Linux 2 : golang-github-syndtr-gocapability (ALAS-2022-1865)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1865 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...

Amazon Linux 2 : golang-github-kr-pty (ALAS-2022-1864)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1864 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...