EUVD-2022-1739

Malicious code in bioql PyPI...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Denial of Service attack due to CyberNeko HTML Parser

Summary Security Bulletin: CyberNeko HTML is used by IBM Operations Analytics - Log Analysis as document ingestion in Logstash CVE-2022-29546, CVE-2022-24839, CVE-2022-28366 Vulnerability Details CVEID:CVE-2022-29546 DESCRIPTION: HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of...

CVE-2022-28366

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...

Atlassian Jira Service Management Data Center and Server 4.20 < 4.20.28 / 5.4.x < 5.4.12 / 5.5.x < 5.11.3 / 5.12.0 (JSDSERVER-14921)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14921 advisory. - Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI...

DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

Atlassian Confluence 7.13.x / 8.1.x / 8.2.x / 8.3.x / 8.6.0 < 8.6.1 (CONFSERVER-93169)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93169 advisory. - Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory...

SUSE CVE-2022-28366

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...

Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to HTTP header injection and affected by denial of services due to multiple vulnerabilities.

Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to an HTTP header injection caused by improper validation, and affected by a denial of service in GraphQL Java, a denial of service in CyberNeko HTML, and a denial of service in protobuf-java as described in the vulnerabilit...

GHSA-G9HH-VVX3-V37V Denial of service in HtmlUnit-Neko

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...

Denial of service in HtmlUnit-Neko

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...

CVE-2022-28366

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...

UBUNTU-CVE-2022-28366

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...

Input validation

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...

CVE-2022-28366

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...

CVE-2022-28366

CVE-2022-28366 affects Neko HTML parsers used by HtmlUnit-Neko (up to 2.26; fixed in 2.27) and by CyberNeko HTML (up to 1.9.22; 1.9.22 is the last release). The issue is a denial of service via crafted Processing Instruction input that leads to excessive heap memory consumption. OWASP AntiSamy be...

CVE-2022-28366

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...

CVE-2022-28366

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...

DEBIAN-CVE-2022-24839

org.cyberneko.html is an html parser written in Java. The fork of org.cyberneko.html used by Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Users are advised to upgrade to = 1.9.22.noko2. Note: The upstream library org.cyberneko.html is no long...