15 matches found
EUVD-2018-20856
Malware in sbrugna...
EUVD-2022-6470
Malicious code in bioql PyPI...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary: IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, IBM WebSphere Application Server Liberty and various other libraries. Vulnerability Details: CVEID: CVE-2022-24839. DESCRIPTION: Sparkle Motion Nokogiri is vulnerable to a denial of...
Security Bulletin: Multiple security vulnerabilities in Snake YAML affect IBM Sterling B2B Integrator
Summary: IBM Sterling B2B Integrator uses Snake YAML. Vulnerability Details: CVEID: CVE-2017-18640. DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by an entity expansion in Alias feature during a load operation. By sending a specially crafted request, a remote attacker could...
Denial Of Service (DoS)
snakeyaml is vulnerable to denial of service. The vulnerability exists in the Composer function of Composer.java because it does not properly restrict the nesting depth of collections, which allows an attacker to crash the application through a stack overflow by providing malicious YAML...
Denial Of Service (DoS)
snakeyaml is vulnerable to Denial of Service (DoS). The vulnerability exists in the Composer function of Composer.java because it does not properly restrict the nesting depth of collections, allowing an attacker to crash the application through a stack overflow by providing malicious YAML...
Uncontrolled Resource Consumption in snakeyaml
The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for collections...
CVE-2022-25857
The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for collections...
Design/Logic Flaw
The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for collections...
CVE-2022-25857 Denial of Service (DoS)
The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for collections...
CVE-2022-25857
The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for collections...
CVE-2022-31173 Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow
Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion resulting in a program crash. This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should limit the recursion depth manually...
CVE-2022-25857 jruby/psych/snakeyaml: Denial of Service (DoS) due missing to nested depth limitation for collections
The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for collections. This package is bundled into Psych, which is in turn bundled into jruby...
CVE-2021-3908
OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end...
Denial Of Service (DoS)
cmd/octorpki of github.com/cloudflare/cfrpki is vulnerable to denial of service. Due to lack of limitation in the depth of a certificate chain, when a CA creates children in an ad-hoc fashion, it results in never-ending tree traversal...