455 matches found
Malicious code in react-nesting-example-legacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0a6877c514ae49fccfe170b75f8405a65c085e2bb1d3d78b1ce4d44bff375d8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
OESA-2022-2057 expat security update
This package provides static libraries and header files for developing with expat. Security Fixes: xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. (CVE-2022-25235) xmlparse.c in Exp...
jackson-databind: denial of service via a large depth of nested objects
A flaw was found in the Jackson Databind package. The cause of the issue is a Java StackOverflow exception and a denial of service via a significant depth of nested objects...
jackson-databind: denial of service via a large depth of nested objects
A flaw was found in the Jackson Databind package. The cause of the issue is a Java StackOverflow exception and a denial of service via a significant depth of nested objects...
UBUNTU-CVE-2022-42321
Xenstore: Guests can crash xenstored via exhausting the stack. Xenstored is using recursion for some Xenstore operations, e.g. for deleting a sub-tree of Xenstore nodes. With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored...
CVE-2022-42321
Xenstore: Guests can crash xenstored via exhausting the stack. Xenstored is using recursion for some Xenstore operations, e.g. for deleting a sub-tree of Xenstore nodes. With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored...
PT-2022-7325 · Xenstore +1
Name of the Vulnerable Software and Affected Versions: Xenstore (affected versions not specified). Description: The issue is related to uncontrolled recursion in Xenstore operations, such as deleting a sub-tree of Xenstore nodes. This can lead to stack exhaustion on xenstored, resulting in a crash...
DEBIAN-CVE-2022-42003
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled...
CVE-2022-42003
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled...
CVE-2022-42003
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled...
CVE-2022-42003
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled...
UBUNTU-CVE-2022-42003
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled...
PT-2022-6920
Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.4.0-rc1 through 2.12.7.1; FasterXML jackson-databind versions 2.13.x through 2.13.4.1; Bamboo Data Center and Server versions 9.1.0 through 9.2.4; Bamboo Data Center and Server versions 9.3.0 through 9.3.2...
jackson-databind: denial of service via a large depth of nested objects
A flaw was found in the Jackson Databind package. The cause of the issue is a Java StackOverflow exception and a denial of service via a significant depth of nested objects...
mariadb: Crash executing query with VIEW, aggregate and subquery
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW...
SnakeYAML resource management error vulnerability
SnakeYAML is a Java-based YAML parser. A security vulnerability exists in SnakeYAML 1.31 and earlier versions, which stems from a denial of service (DoS) issue due to the lack of a nesting depth limit for collections...
CVE-2022-25903
Versions of the package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed...
CVE-2022-25903
Versions of the package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed...
PT-2022-17596 · Opcua
Name of the Vulnerable Software and Affected Versions: opcua versions 0.0.0 through 0.11.0. Description: The issue allows for Denial of Service (DoS) via the ExtensionObjects and Variants objects. This occurs because the package allows unlimited nesting levels, which could result in a stack overflow...
Denial of Service (DoS)
Overview: opcua is an OPC UA server / client API implementation for Rust. Affected versions of this package are vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message siz...