4026 matches found
CVE-2022-22968
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...
PT-2022-15748 · Unknown +1 · Spring Framework +1
Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.3.0 through 5.3.18 Spring Framework versions 5.2.0 through 5.2.20 Spring Framework older unsupported versions Description: The patterns for disallowedFields on a DataBinder in Spring Framework are case sensitive...
Vmware Spring Framework 安全特征问题漏洞
Vmware Spring Framework is the United States, Vmware Vmware company's set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. Vmware Spring Framework has a security feature issue vulnerability that stems from the pattern of...
CVE-2022-21803
This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted...
CVE-2022-21803
This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted...
mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries
MariaDB through 10.5.9 allows a setvar.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery...
mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries
MariaDB through 10.5.9 allows a setvar.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery...
EulerOS 2.0 SP5 : kernel (EulerOS-SA-2022-1328)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In unixscmtoskb of afunix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege wi...
Denial Of Service (DoS)
MariaDB is vulnerable to denial of service. It allows a setvar.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery...
Ahdinosaur Set-in 安全漏洞
Ahdinosaur Set-in is a Js-based codebase from the individual developer of Ahdinosaur that can assign values to keys of nested associative structures. A security vulnerability exists in Ahdinosaur Set-in that allows an attacker to merge object prototypes into it...
CVE-2020-36518
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...
Denial Of Service (DoS)
com.fasterxml.jackson.core:jackson-databind is vulnerable to Denial Of Service DoS. A malicious user is able to cause a StackOverflow exception using a large depth of nested objects resulting in a denial of service conditions...
Deeply nested json in jackson-databind
jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects...
GHSA-57J2-W4CX-62H2 Deeply nested json in jackson-databind
jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects...
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result the L2 guest would be allowed to read/write physical pages of the host resulting in a crash of the entire system leak of sensitive data or potential guest-to-host escape.
...
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
...
CVE-2020-36518
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects...
DEBIAN-CVE-2020-36518
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects...
CVE-2020-36518
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects...
CVE-2020-36518
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects...