465 matches found
GHSA-MMHX-HMJR-R674 DOMPurify allows tampering by prototype pollution
It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid XSS attack. Fixed by...
DEBIAN-CVE-2024-45801
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...
DOMPurify 安全漏洞
DOMPurify is a DOM Document Object Model for HTML, MathML and SVG written in JavaScript by Cure53 Personal Developer. A security vulnerability exists in DOMPurify versions prior to 2.5.4 and prior to 3.1.3, which stems from malicious HTML using a special nesting technique to bypass the depth...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-069)
The version of kernel installed on the remote host is prior to 5.10.224-212.876. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-069 advisory. 2024-12-05: CVE-2024-41042 was added to this advisory. 2024-09-26: CVE-2024-42302 was added to this...
DEBIAN-CVE-2024-34158
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...
CVE-2024-43880
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumaclerp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM A-TCAM or in the ordinary circuit TCAM C-TCAM. The former can contain more ACLs i.e., tc filters, but the...
CVE-2024-43880
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumaclerp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM A-TCAM or in the ordinary circuit TCAM C-TCAM. The former can contain more ACLs i.e., tc filters, but the...
CVE-2024-43880 mlxsw: spectrum_acl_erp: Fix object nesting warning
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumaclerp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM A-TCAM or in the ordinary circuit TCAM C-TCAM. The former can contain more ACLs i.e., tc filters, but the...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an object nesting warning issue in the mlxsw component when handling ACLs...
SUSE CVE-2024-43846
In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...
AZL-51387 CVE-2024-43846 affecting package kernel for versions less than 5.15.176.3-1
In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...
DEBIAN-CVE-2024-43846
In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...
UBUNTU-CVE-2024-43846
In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...
CVE-2024-43846
In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...
CVE-2024-43846
In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...
CVE-2024-43846 lib: objagg: Fix general protection fault
In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...
CVE-2024-43846 lib: objagg: Fix general protection fault
In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...
CVE-2024-43846 lib: objagg: Fix general protection fault
In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...
jackson-databind: denial of service via a large depth of nested objects
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...