jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting...
OESA-2023-1127 xorg-x11-server security update
X.Org X11 X server Security Fixes: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read and write into freed memory. This can lead to local privilege elevation on...
SUSE CVE-2022-26076
Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2022-26076
Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access...
UBUNTU-CVE-2022-26076
Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2022-26076
Intel oneAPI Deep Neural Network (oneDNN) before 2022.1 contains an uncontrolled search path element that may allow an authenticated user to escalate privileges via local access. Public sources (Red Hat CVE entry and Intel advisory) confirm the affected component and the local-privilege escalatio...
Intel OneApi Toolkits Code Issue Vulnerability
Intel OneApi Toolkits is a set of core tools and libraries from Intel (United States) for developing high-performance, data-centric applications across different architectures. A security vulnerability exists in Intel oneAPI Deep Neural Network (oneDNN) versions prior to 2022.1, which stem...
SUSE CVE-2007-1285
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines...
SUSE CVE-2009-2414
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the...
SUSE CVE-2014-5256
Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON...
SUSE CVE-2015-3227
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth...
SUSE CVE-2017-9616
In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c...
SUSE CVE-2017-12595
The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash ...
SUSE CVE-2020-11759
An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer...
SUSE CVE-2020-15473
In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c...
SUSE CVE-2020-36518
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects...
SUSE CVE-2021-3477
There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to...