465 matches found

OSV
added 2024/09/16 8:34 p.m., 11 views

GHSA-MMHX-HMJR-R674 DOMPurify allows tampering by prototype pollution

It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid XSS attack. Fixed by...

CVSS 8.3, AI score 7, EPSS 0.00844
Exploits 0, References 5

OSV
added 2024/09/16 7:16 p.m., 1 view

DEBIAN-CVE-2024-45801

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

CVSS 6.1, AI score 6.6, EPSS 0.00844
Exploits 0, References 1

CNNVD
added 2024/09/16 12:0 a.m., 3 views

DOMPurify security vulnerability

DOMPurify is a DOM Document Object Model for HTML, MathML and SVG written in JavaScript by Cure53 Personal Developer. A security vulnerability exists in DOMPurify versions prior to 2.5.4 and prior to 3.1.3, which stems from malicious HTML using a special nesting technique to bypass the depth...

CVSS 7.3, AI score 7.1, EPSS 0.00844
Exploits 0, References 7

Tenable Nessus
added 2024/09/09 12:0 a.m., 26 views

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-069)

The version of kernel installed on the remote host is prior to 5.10.224-212.876. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-069 advisory. 2024-12-05: CVE-2024-41042 was added to this advisory. 2024-09-26: CVE-2024-42302 was added to this...

CVSS 7.8, AI score 6.7, EPSS 0.0032
Exploits 3, References 18

OSV
added 2024/09/06 9:15 p.m., 3 views

DEBIAN-CVE-2024-34158

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

CVSS 7.5, AI score 6.8, EPSS 0.01046
Exploits 0, References 1

NVD
added 2024/08/21 1:15 a.m., 18 views

CVE-2024-43880

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_erp: Fix object nesting warning. ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM (A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can contain more ACLs (i.e., tc filters), but the...

CVSS 5.5, EPSS 0.00218
Exploits 0, References 9

UbuntuCve
added 2024/08/21 1:15 a.m., 21 views

CVE-2024-43880

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_erp: Fix object nesting warning. ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM (A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can contain more ACLs (i.e., tc filters), but the...

CVSS 5.5, AI score 6.4, EPSS 0.00218
Exploits 0, References 25

Vulnrichment
added 2024/08/21 12:6 a.m., 26 views

CVE-2024-43880 mlxsw: spectrum_acl_erp: Fix object nesting warning

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_erp: Fix object nesting warning. ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM (A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can contain more ACLs (i.e., tc filters), but the...

AI score 6.7, EPSS 0.00218
Exploits 0, References 7

CNNVD
added 2024/08/21 12:0 a.m., 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an object nesting warning issue in the mlxsw component when handling ACLs...

CVSS 5.5, AI score 6.4, EPSS 0.00218
Exploits 0, References 10

SUSE CVE
added 2024/08/18 2:1 a.m., 2 views

SUSE CVE-2024-43846

In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault. The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...

CVSS 5.5, AI score 6.4, EPSS 0.00215
Exploits 0, References 14

OSV
added 2024/08/17 10:15 a.m., 7 views

AZL-51387 CVE-2024-43846 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault. The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...

CVSS 5.5, AI score 6.1, EPSS 0.00215
Exploits 0, References 1

OSV
added 2024/08/17 10:15 a.m., 2 views

DEBIAN-CVE-2024-43846

In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault. The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...

CVSS 5.5, AI score 5.6, EPSS 0.00215
Exploits 0, References 1

OSV
added 2024/08/17 10:15 a.m., 1 view

UBUNTU-CVE-2024-43846

In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault. The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...

CVSS 5.5, AI score 6.2, EPSS 0.00215
Exploits 0, References 26

UbuntuCve
added 2024/08/17 10:15 a.m., 15 views

CVE-2024-43846

In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault. The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...

CVSS 5.5, AI score 6.3, EPSS 0.00215
Exploits 0, References 25

Debian CVE
added 2024/08/17 9:22 a.m., 12 views

CVE-2024-43846

In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault. The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...

CVSS 5.5, AI score 5.6, EPSS 0.00215
Exploits 0

OSV
added 2024/08/17 9:22 a.m., 16 views

CVE-2024-43846 lib: objagg: Fix general protection fault

In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault. The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...

CVSS 5.5, AI score 6.2, EPSS 0.00215
Exploits 0, References 12

Cvelist
added 2024/08/17 9:22 a.m., 21 views

CVE-2024-43846 lib: objagg: Fix general protection fault

In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault. The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...

EPSS 0.00215
Exploits 0, References 7

Vulnrichment
added 2024/08/17 9:22 a.m., 11 views

CVE-2024-43846 lib: objagg: Fix general protection fault

In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault. The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...

AI score 6.9, EPSS 0.00215
Exploits 0, References 7

RedHat Linux
added 2024/05/30 8:24 p.m., 2 views

json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

A flaw was found in the json-smart package. This security flaw occurs when reaching a '[' or '{' character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...

CVSS 7.5, AI score 7.2, EPSS 0.01119
Exploits 1, References 6

RedHat Linux
added 2024/05/22 9:32 a.m., 2 views

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. The cause of the issue is a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

CVSS 7.5, AI score 6.7, EPSS 0.0486
Exploits 1, References 5