4005 matches found
PT-2022-5100 · Cisco · Cisco Jabber
Name of the Vulnerable Software and Affected Versions: Cisco Jabber (affected versions not specified). Description: A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature could allow an authenticated, remote attacker to manipulate the content of XMPP...
jackson-databind: denial of service via a large depth of nested objects
A flaw was found in the Jackson Databind package. The cause of the issue is a Java StackOverflow exception and a denial of service via a significant depth of nested objects...
GSD-2022-1006335 IB/core: Fix a nested dead lock as part of ODP flow
IB/core: Fix a nested dead lock as part of ODP flow This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.9 by commit...
DEBIAN-CVE-2022-42004
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...
UBUNTU-CVE-2022-42004
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...
CVE-2022-42004
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...
PT-2022-34630 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.68. Description: A potential security issue has been identified in the Linux Kernel, related to a nested dead lock as part of the ODP flow. The actual impact and attack plausibility have not yet been proven...
PT-2022-34657 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.143. Description: A potential security issue has been identified in the Linux Kernel, related to a nested dead lock as part of the ODP flow. The actual impact and attack plausibility have not yet been prove...
Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes an issue where, when receiving an HTML email that contained an iframe element which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document, for example, images or...
OESA-2022-1954 mod_security security update
This software is also called Modsec; it is an open-source web application firewall. It is designed for Apache HTTP Server. ModSecurity is commonly deployed to provide protections against generic classes of vulnerabilities. The install of this package is easy and you can read the README.TXT for more...
GSD-2022-1005697 KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.61 by commit...
PT-2022-33955 · Linux · Kvm +1
Name of the Vulnerable Software and Affected Versions: KVM versions prior to v5.15.61; Linux Kernel versions prior to v5.15.61. Description: The issue concerns a snapshot pre-VM-Enter DEBUGCTL for the !nested_run_pending case in KVM's nVMX. The actual impact and attack plausibility have not yet bee...
GHSA-M6CV-4FMF-66XF TensorFlow vulnerable to `CHECK` fail in `RaggedTensorToVariant`
Impact: If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. python import tensorflow as tf batched_input = True rt_nested_splits = tf.constant([0,32,64], shape=[3],...
Out Of Bound Access
sqlite3 is vulnerable to out-of-bound access. The vulnerability exists through ALTER TABLE for views that have a nested FROM clause which allows an attacker to access information...
PT-2022-23118 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0; TensorFlow versions 2.9.1 and earlier; TensorFlow versions 2.8.1 and earlier; TensorFlow versions 2.7.2 and earlier. Description: The issue arises when RaggedTensorToVariant is given a rt_nested_splits list...
PT-2022-33639 · Linux · Kvm
Name of the Vulnerable Software and Affected Versions: KVM versions prior to v5.19.2. Description: The issue concerns the nVMX snapshot pre-VM-Enter BNDCFGS for the !nested_run_pending case. The actual impact and attack plausibility have not yet been proven. Recommendations: For versions prior to...
Google TensorFlow security vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A security vulnerability exists in Google TensorFlow, which stems from the fact that providing a list of rt_nested_splits for a RaggedTensorToVariant that contains a rank...