CVE-2023-38502 TDengine Database Denial-of-Service

TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, TDengine DataBase crashes on UDF nested query. This issue affects TDengine Databases which let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue...

CVE-2023-38502 TDengine Database Denial-of-Service

TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, TDengine DataBase crashes on UDF nested query. This issue affects TDengine Databases which let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue...

LSN-0096-1: Kernel Live Patch Security Notice

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service system crash ...

PT-2023-26482 · Tdengine · Tdengine

Name of the Vulnerable Software and Affected Versions: TDengine versions prior to 3.0.7.1 Description: TDengine is an open source, time-series database optimized for Internet of Things devices. The issue affects TDengine Databases that allow users to connect and run arbitrary queries, causing the...

TDengine 输入验证错误漏洞

TDengine is an open source, high performance, cloud-native time series database from TDengine. An input validation error vulnerability exists in versions prior to TDengine 3.0.7.1, which stems from the database crashing on a UDF nested query resulting in a denial of service, allowing an attacker ...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2023-2357)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in tableclear in drivers/md/dm-ioctl....

Nested Virtualization Statement for Citrix Hypervisor

Query of "Does Citrix Hypervisor support Nested Virtualization in VMs"...

OPENSUSE-SU-2023:0166-1 Security update for virtualbox

This update for virtualbox fixes the following issues: - Fix Vagrant/virtualbox startup problems boo1209727 - VirtualBox 7.0.8 released April 18 2023 This is a maintenance release. The following items were fixed and/or added: - VMM: Introduced general improvements in nested visualization area -...

Denial Of Service (DoS)

org.hjson, hjson is vulnerable to Denial of Service DoS attacks. A malicious user is able to cause a stack overflow, resulting in an application crash, because the library does not properly check crafted objects with deeply nested structures...

Denial Of Services (DoS)

JSON is vulnerable to Denial Of Services DoS. The vulnerability exists due to a lack of nested depth checks in Parser.java, which allows an attacker to cause an application crash by passing a maliciously crafted JSON string...

jackson-databind: use of deeply nested arrays

A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...

json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...

jackson-databind: use of deeply nested arrays

A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...

GHSA-75M3-F4HR-2VH9 jjson vulnerable to stack exhaustion

An issue was discovered jjson through 0.1.7 allows attackers to cause a denial of service or other unspecified impacts via crafted objects that deeply nested structures...

htmlcleaner vulnerable to stack exhaustion

An issue was discovered htmlcleaner through version 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...

jsonij vulnerable to stack exhaustion

An issue was discovered jmarsden/jsonij through 0.5.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...

genson vulnerable to stack exhaustion

An issue was discovered genson through 1.6 allows attackers to cause a denial of service or other unspecified impacts via crafted objects that deeply nested structures...

ph-json vulnerable to stack exhaustion

An issue was discovered ph-json through 9.5.5 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...

GHSA-W2RR-WVH9-M2M7 JSONUtil vulnerable to stack exhaustion

An issue was discovered JSONUtil through 5.0 that allows attackers to cause a denial of service or other unspecified impacts via crafted objects that deeply nested structures...