Lucene search
+L

468 matches found

redhat
redhat
added 2022/08/01 12:10 p.m.5 views

golang: go/parser: stack exhaustion in all Parse* functions

A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability...

5.5CVSS6.6AI score0.00881EPSS
Exploits1References6
redhat
redhat
added 2022/08/01 12:10 p.m.9 views

golang: encoding/xml: stack exhaustion in Decoder.Skip

A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

7.5CVSS6.6AI score0.01885EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2022/07/12 12:0 a.m.4 views

PT-2022-20224 · Go +9 · Go +9

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.17.12 Go versions prior to 1.18.4 Description: The issue is related to uncontrolled recursion in the Decoder.Decode function in the encoding/gob package. This allows an attacker to cause a panic due to stack exhaustion ...

9.8CVSS7.1AI score0.10299EPSS
Exploits15References378
github
github
added 2022/06/17 12:18 a.m.26 views

Stack overflow in rustc_serialize when parsing deeply nested JSON

When parsing JSON using json::Json::fromstr, there is no limit to the depth of the stack, therefore deeply nested objects can cause a stack overflow, which aborts the process. Example code that triggers the vulnerability is rust fn main let = rustcserialize::json::Json::fromstr&"0,".repeat10000;...

3.6AI score
Exploits0References3Affected Software1
redhat
redhat
added 2022/05/18 1:29 a.m.9 views

Mozilla: Bypassing permission prompt in nested browsing contexts

The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...

8.8CVSS7.3AI score0.00848EPSS
Exploits0References6
veracode
veracode
added 2022/05/07 2:3 a.m.72 views

Authentication Bypass

firefox is vulnerable to authentication bypass. An attacker with the document in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...

8.8CVSS3.2AI score0.00848EPSS
Exploits0References6Affected Software6
redhat
redhat
added 2022/05/04 12:11 p.m.4 views

Mozilla: Bypassing permission prompt in nested browsing contexts

The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...

8.8CVSS7.3AI score0.00848EPSS
Exploits0References6
redhat
redhat
added 2022/05/04 11:20 a.m.5 views

Mozilla: Bypassing permission prompt in nested browsing contexts

The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...

8.8CVSS7.3AI score0.00848EPSS
Exploits0References6
attackerkb
attackerkb
added 2022/03/05 8:15 p.m.11 views

CVE-2022-24921

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression...

7.5CVSS7.3AI score0.03255EPSS
Exploits0References8
rustsec
rustsec
added 2022/01/01 12:0 p.m.16 views

Stack overflow in rustc_serialize when parsing deeply nested JSON

When parsing JSON using json::Json::fromstr, there is no limit to the depth of the stack, therefore deeply nested objects can cause a stack overflow, which aborts the process. Example code that triggers the vulnerability is rust fn main let = rustcserialize::json::Json::fromstr&"0,".repeat10000;...

3.6AI score
Exploits0
osv
osv
added 2021/12/07 10:15 p.m.4 views

DEBIAN-CVE-2021-42717

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large e.g., 300KB HTTP request can occupy one of the limited NGINX worke...

7.5CVSS7.8AI score0.03206EPSS
Exploits2References1
attackerkb
attackerkb
added 2021/11/02 10:15 p.m.2 views

CVE-2021-42697

Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...

7.5CVSS7.2AI score0.36139EPSS
Exploits5References6
nessus
nessus
added 2021/02/01 12:0 a.m.30 views

CentOS 8 : dovecot (CESA-2020:3713)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3713 advisory. - dovecot: Resource exhaustion via deeply nested MIME parts CVE-2020-12100 - dovecot: Out of bound reads in dovecot NTLM implementation CVE-2020-12673 ...

7.5CVSS6.8AI score0.06187EPSS
Exploits4References4
huntr
huntr
added 2021/01/10 12:0 a.m.17 views

Prototype Pollution in babak-gholamzadeh/deeply-object-assign

Description deeply-object-assign is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var deeplyObjectAssign = require"deeply-object-assign" const payload = JSON.parse'"proto":"polluted":"Yes! Its Polluted"'; var obj = console.log"Before : " +...

2AI score
Exploits0
redhat
redhat
added 2020/09/14 12:48 p.m.58 views

Important: Red Hat Security Advisory: dovecot security update

An update for dovecot is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.5CVSS6.8AI score0.06187EPSS
Exploits4References4
nessus
nessus
added 2020/09/14 12:0 a.m.34 views

CentOS 7 : dovecot (RHSA-2020:3617)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3617 advisory. - In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service resource...

7.5CVSS6.7AI score0.06187EPSS
Exploits4References4
nessus
nessus
added 2020/09/03 12:0 a.m.24 views

RHEL 7 : dovecot (RHSA-2020:3617)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3617 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...

7.5CVSS6.9AI score0.06187EPSS
Exploits4References8
vulnersosv
vulnersosv
added 2019/08/27 5:45 p.m.4 views

@amishurinskiy/router (=1.0.0), @bluedrop_dev/configly (=4.0.2) +36 more potentially affected by CVE-2019-10750 via deeply (>=0.1.0 <=3.0.0)

deeply NPM version =0.1.0, =1.0.0, =1.1.1, =1.0.0, =0.2.1, =3.0.0, =1.0.0, =1.0.0, =2.0.0 - fabspa-js =0.5.0 and more Source cves: CVE-2019-10750 Source advisory: OSV:GHSA-8J4W-5FW4-RM27...

9.8CVSS7.2AI score0.01691EPSS
Exploits1
osv
osv
added 2019/08/27 5:45 p.m.10 views

GHSA-8J4W-5FW4-RM27 Prototype Pollution in deeply

Versions of deeply prior to 1.0.1 are vulnerable to Prototype Pollution. The package fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. Recommendation Upgrade t...

9.8CVSS9.4AI score0.01691EPSS
Exploits1References3
github
github
added 2019/08/27 5:45 p.m.27 views

Prototype Pollution in deeply

Versions of deeply prior to 1.0.1 are vulnerable to Prototype Pollution. The package fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. Recommendation Upgrade t...

9.8CVSS5.4AI score0.01691EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder