Lucene search

4005 matches found

RedHat Linux
added 2024/02/12 10:38 a.m. · 2 views

golang: go/parser: stack exhaustion in all Parse* functions

A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability...

5.5 CVSS · 6.6 AI score · 0.00005 EPSS
Exploits 1 · References 6
RedHat Linux
added 2024/02/12 10:38 a.m. · 3 views

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections...

7.5 CVSS · 6.8 AI score · 0.02005 EPSS
Exploits 2 · References 5
RedHat Linux
added 2024/02/12 10:27 a.m. · 3 views

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections...

7.5 CVSS · 6.8 AI score · 0.02005 EPSS
Exploits 2 · References 5
BDU FSTEC
added 2024/02/09 12:0 a.m. · 2 views

The vulnerability of the SEV-SNP secure nested paging implementation for virtual machines running on AMD processor-based servers allows an attacker to compromise the integrity of the protected information.

The vulnerability of the SEV-SNP secure nested paging implementation for virtual machines running on AMD processor-based servers is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to compromise the integrity of the protected...

3.3 CVSS · 5.3 AI score · 0.00081 EPSS
Exploits 0 · References 3
Github Security Blog
added 2024/01/30 11:40 p.m. · 22 views

HashiCorp Vault Improper Privilege Management

HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4...

9.1 CVSS · 6.8 AI score · 0.00368 EPSS
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2024/01/29 12:0 a.m. · 9 views

PT-2024-5040 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.9
Description: The issue is related to the implementation of the SEV-SNP and SEV-ES protective mechanisms in the Linux kernel, which can be exploited by an untrusted hypervisor to inject virtual interrupts and...

10 CVSS · 6.6 AI score · 0.01107 EPSS
Exploits 20 · References 1201
RustSec
added 2024/01/24 12:0 p.m. · 4 views

Stack overflow during recursive JSON parsing

When parsing untrusted, deeply nested JSON, the stack may overflow, possibly enabling a Denial of Service attack. This was fixed by adding a check for recursion depth...

7.5 CVSS · 7.1 AI score · 0.00098 EPSS
Exploits 0 · Affected Software 1
Positive Technologies
added 2024/01/16 12:0 a.m. · 2 views

PT-2024-2595 · Elastic · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch affected versions not specified
Description: A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash. The issue is also relate...

7.5 CVSS · 7.5 AI score · 0.01035 EPSS
Exploits 0 · References 15
Cvelist
added 2024/01/11 1:53 p.m. · 33 views

CVE-2023-20573 Debug Exception Delivery in Secure Nested Paging

A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information...

4.2 AI score · 0.00081 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/01/11 1:53 p.m. · 5 views

CVE-2023-20573 Debug Exception Delivery in Secure Nested Paging

A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information...

3.6 AI score · 0.00081 EPSS
Exploits 0 · References 1
OSV
added 2024/01/03 5:15 a.m. · 3 views

CVE-2023-46308

In Plotly plotly.js before 2.25.2, plot API calls have a risk of `__proto__` being polluted in expandObjectPaths or nestedProperty...

9.8 CVSS · 9.4 AI score
Exploits 0 · References 3
Positive Technologies
added 2024/01/01 12:0 a.m. · 3 views

PT-2024-41505

Name of the Vulnerable Software and Affected Versions: linux in Debian Linux affected versions not specified
Description: The vulnerability involves evicting cache lines during Secure Nested Paging (SNP) memory validation in x86 systems. This issue affects Debian Linux.
Recommendations: At the...

3.2 CVSS · 5.9 AI score · 0.0003 EPSS
Exploits 0
OpenVAS
added 2023/12/20 12:0 a.m. · 18 views

WordPress Nested Pages Plugin < 3.2.7 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nestedpagesproject:nestedpages"; if(description)...

5.9 CVSS · 5.5 AI score · 0.00135 EPSS
Exploits 0 · References 1
OSV
added 2023/12/15 3:15 p.m. · 2 views

CVE-2023-49182

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS. This issue affects List all posts by Authors, nested Categories and Titles: from n/a through 2.7.10...

6.1 CVSS · 7.3 AI score · 0.00193 EPSS
Exploits 0 · References 1
OSV
added 2023/12/15 11:6 a.m. · 3 views

OESA-2023-1921 jackson-databind security update

The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration. Security Fixes: jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of servic...

7.5 CVSS · 8.1 AI score · 0.00474 EPSS
Exploits 4 · References 4
CNNVD
added 2023/12/15 12:0 a.m. · 1 views

WordPress Plugin List all posts by Authors, nested Categories and Titles Cross-site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress Plugin List all posts by Authors, nested...

7.1 CVSS · 6.1 AI score · 0.00193 EPSS
Exploits 0 · References 2
NVD
added 2023/12/14 4:15 p.m. · 12 views

CVE-2023-49195

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS. This issue affects Nested Pages: from n/a through 3.2.6...

5.9 CVSS · 0.00135 EPSS
Exploits 0 · References 1
OSV
added 2023/12/14 4:15 p.m. · 1 views

CVE-2023-49195

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS. This issue affects Nested Pages: from n/a through 3.2.6...

4.8 CVSS · 7.3 AI score · 0.00135 EPSS
Exploits 0 · References 1
Prion
added 2023/12/14 4:15 p.m. · 15 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS. This issue affects Nested Pages: from n/a through 3.2.6...

4.3 CVSS · 6.9 AI score · 0.00135 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/12/14 3:39 p.m. · 47 views

CVE-2023-49195

CVE-2023-49195 affects WordPress Nested Pages plugin

5.9 CVSS · 6.5 AI score · 0.00135 EPSS
Exploits 0 · References 1 · Affected Software 1