Lucene search
K

468 matches found

Cvelist
Cvelist
added 2021/07/18 3:34 a.m.33 views

CVE-2021-36773

uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service unbounded recursion that can trigger memory consumption and a loss of all blocking functionality...

7.7AI score0.01261EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2021/07/18 3:34 a.m.22 views

CVE-2021-36773

uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service unbounded recursion that can trigger memory consumption and a loss of all blocking functionality...

7.5CVSS7.5AI score0.01261EPSS
Exploits1
OSV
OSV
added 2021/03/15 9:0 p.m.7 views

USN-4784-1 xerces-c vulnerabilities

It was discovered that Xerces-C++ XML Parser mishandles certain kinds of external DTD references, resulting in a user-after-free. An attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code. This issue affected only Ubuntu 16.04 ESM. CVE-2016-209...

10CVSS7.4AI score0.14138EPSS
Exploits3References4
OSV
OSV
added 2020/12/18 10:51 p.m.327 views

GHSA-63Q7-H895-M982 Cross-site Scripting in dompurify

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...

6.1CVSS6.2AI score0.04881EPSS
Exploits1References9
OSV
OSV
added 2020/10/07 4:15 p.m.4 views

UBUNTU-CVE-2020-26870

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...

6.1CVSS6.7AI score0.04881EPSS
Exploits1References4
Cvelist
Cvelist
added 2020/09/04 1:27 a.m.29 views

CVE-2020-24941

An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions...

7.5AI score0.0109EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2020/09/04 1:27 a.m.23 views

CVE-2020-24941

An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions...

7.5CVSS7.5AI score0.0109EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/03/07 12:0 a.m.28 views

Fedora 28 : php-erusev-parsedown (2019-009fdcfb60)

1.7.1 - \475: 'Loose' lists will now contain paragraphs in all items, not just some. - \433: Links will no longer be double nested - \525: The info-string when beginning a code block may now contain non-word characters e.g. c++ - \561: The mbstring extension which we already depend on has been...

6.1CVSS6AI score0.012EPSS
Exploits0References2
OSV
OSV
added 2018/09/17 12:0 p.m.45 views

RUSTSEC-2018-0006 Uncontrolled recursion leads to abort in deserialization

Affected versions of this crate did not prevent deep recursion while deserializing data structures. This allows an attacker to make a YAML file with deeply nested structures that causes an abort while deserializing it. The flaw was corrected by checking the recursion depth. Note: clap 2.33 is not...

7.5CVSS7.5AI score0.01411EPSS
Exploits0References3
OSV
OSV
added 2018/05/31 8:29 p.m.3 views

DEBIAN-CVE-2014-10064

The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...

7.5CVSS6.8AI score0.01286EPSS
Exploits0References1
NVD
NVD
added 2018/04/17 9:29 p.m.17 views

CVE-2018-10191

In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrbvmexec when handling OPGETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code...

9.8CVSS9.8AI score0.02584EPSS
Exploits1References3
OSV
OSV
added 2018/04/17 9:29 p.m.5 views

UBUNTU-CVE-2018-10191

In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrbvmexec when handling OPGETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code...

9.8CVSS7.5AI score0.02584EPSS
Exploits1References4
OSV
OSV
added 2018/04/10 6:29 p.m.2 views

DEBIAN-CVE-2018-9918

libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service stack exhaustion, related to the QPDFObjectHandle and QPDFDictionary classes, because nesting in direct objects is not restricted...

7.8CVSS7.3AI score0.01717EPSS
Exploits1References1
OSV
OSV
added 2018/04/04 7:29 a.m.3 views

DEBIAN-CVE-2018-9262

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth...

7.5CVSS8.8AI score0.02337EPSS
Exploits1References1
Prion
Prion
added 2018/04/04 7:29 a.m.21 views

Design/Logic Flaw

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth...

5CVSS7.3AI score0.02337EPSS
Exploits1References4Affected Software2
OSV
OSV
added 2018/04/04 7:29 a.m.6 views

ALPINE-CVE-2018-9262

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth...

7.5CVSS6.8AI score0.02337EPSS
Exploits1References1
OSV
OSV
added 2018/04/04 7:29 a.m.3 views

UBUNTU-CVE-2018-9262

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth...

7.5CVSS6.7AI score0.02337EPSS
Exploits1References5
Atlassian
Atlassian
added 2017/03/14 4:40 a.m.29 views

XSS Vulnerability in wiki markup

Luke Jahnke of the Australia Post Digital Mailbox Security Team reported to Atlassian an XSS in nesting various markup...

2.5AI score
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2016/11/15 11:40 a.m.4 views

pcre: inefficient posix character class syntax check (8.38/16)

The pcrecompile function in pcrecompile.c in PCRE before 8.38 mishandles certain : nesting, which allows remote attackers to cause a denial of service CPU consumption or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

9.8CVSS7.4AI score0.06404EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2016/05/26 8:35 a.m.6 views

pcre: inefficient posix character class syntax check (8.38/16)

The pcrecompile function in pcrecompile.c in PCRE before 8.38 mishandles certain : nesting, which allows remote attackers to cause a denial of service CPU consumption or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

9.8CVSS7.4AI score0.06404EPSS
Exploits0References4
Rows per page
Query Builder