Denial Of Service (DoS)

github.com/taosdata/TDengine is vulnerable to Denial Of Service DoS. The vulnerability exists due to the improper input validation of the library, which allows an attacker with the create function privilege to crash the application by providing a maliciously crafted UDF nested query...

CVE-2023-38502

TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, TDengine DataBase crashes on UDF nested query. This issue affects TDengine Databases which let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue...

Design/Logic Flaw

TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, TDengine DataBase crashes on UDF nested query. This issue affects TDengine Databases which let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue...

CVE-2023-38502 TDengine Database Denial-of-Service

TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, TDengine DataBase crashes on UDF nested query. This issue affects TDengine Databases which let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue...

CVE-2023-38502 TDengine Database Denial-of-Service

TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, TDengine DataBase crashes on UDF nested query. This issue affects TDengine Databases which let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue...

LSN-0096-1: Kernel Live Patch Security Notice

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service system crash ...

TDengine 输入验证错误漏洞

TDengine is an open source, high performance, cloud-native time series database from TDengine. An input validation error vulnerability exists in versions prior to TDengine 3.0.7.1, which stems from the database crashing on a UDF nested query resulting in a denial of service, allowing an attacker ...

PT-2023-26482 · Tdengine · Tdengine

Name of the Vulnerable Software and Affected Versions: TDengine versions prior to 3.0.7.1 Description: TDengine is an open source, time-series database optimized for Internet of Things devices. The issue affects TDengine Databases that allow users to connect and run arbitrary queries, causing the...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2023-2357)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in tableclear in drivers/md/dm-ioctl....

Nested Virtualization Statement for Citrix Hypervisor

Query of "Does Citrix Hypervisor support Nested Virtualization in VMs"...

OPENSUSE-SU-2023:0166-1 Security update for virtualbox

This update for virtualbox fixes the following issues: - Fix Vagrant/virtualbox startup problems boo1209727 - VirtualBox 7.0.8 released April 18 2023 This is a maintenance release. The following items were fixed and/or added: - VMM: Introduced general improvements in nested visualization area -...

Denial Of Service (DoS)

org.hjson, hjson is vulnerable to Denial of Service DoS attacks. A malicious user is able to cause a stack overflow, resulting in an application crash, because the library does not properly check crafted objects with deeply nested structures...

Denial Of Services (DoS)

JSON is vulnerable to Denial Of Services DoS. The vulnerability exists due to a lack of nested depth checks in Parser.java, which allows an attacker to cause an application crash by passing a maliciously crafted JSON string...

json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...

jackson-databind: use of deeply nested arrays

A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...

jackson-databind: use of deeply nested arrays

A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...

GHSA-75M3-F4HR-2VH9 jjson vulnerable to stack exhaustion

An issue was discovered jjson through 0.1.7 allows attackers to cause a denial of service or other unspecified impacts via crafted objects that deeply nested structures...

GHSA-W2RR-WVH9-M2M7 JSONUtil vulnerable to stack exhaustion

An issue was discovered JSONUtil through 5.0 that allows attackers to cause a denial of service or other unspecified impacts via crafted objects that deeply nested structures...

GHSA-FJ64-QPRX-Q7VQ genson vulnerable to stack exhaustion

An issue was discovered genson through 1.6 allows attackers to cause a denial of service or other unspecified impacts via crafted objects that deeply nested structures...