Lucene search
K

11 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-10098

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be...

6.3CVSS6AI score0.00121EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 10:16 p.m.7 views

CVE-2026-10098

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS0.00121EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 9:16 p.m.24 views

CVE-2026-10098 OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS0.00121EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 12:24 p.m.8 views

Security Bulletin: Jackson-core Async JSON Parser Bypasses maxNumberLength Constraint Leading to DoS

Summary The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint default: 1000 characters defined in StreamReadConstraints. This allows an attacker to send JSON with arbitrarily long numbers through the async parser API, leading to excessive memory allocation and...

5.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/20 2:17 p.m.4 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the jackson-core library

Summary Due to use of the jackson-core library, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength...

5.8AI score
Exploits0Affected Software1
Snyk
Snyk
added 2026/02/28 2:1 a.m.4 views

Allocation of Resources Without Limits or Throttling

Overview com.fasterxml.jackson.core:jackson-core is a Core Jackson abstractions, basic JSON streaming API implementation Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in which the non-blocking async JSON parser can be made to bypass the...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/02/28 2:1 a.m.16 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in which the non-blocking async JSON parser can be made to bypass the maxNumberLength constraint default: 1000 characters defined in StreamReadConstraints. An attacker can cause...

8.7CVSS6AI score
Exploits0References2
OSV
OSV
added 2026/02/28 2:1 a.m.5 views

GHSA-72HV-8253-57QQ jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

Summary The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint default: 1000 characters defined in StreamReadConstraints. This allows an attacker to send JSON with arbitrarily long numbers through the async parser API, leading to excessive memory allocation and...

6.9CVSS5.9AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/28 2:1 a.m.410 views

jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

Summary The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint default: 1000 characters defined in StreamReadConstraints. This allows an attacker to send JSON with arbitrarily long numbers through the async parser API, leading to excessive memory allocation and...

6AI score
Exploits0References4Affected Software2
ATTACKERKB
ATTACKERKB
added 2022/07/12 1:33 a.m.5 views

CVE-2022-32960

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate...

6.8CVSS6.5AI score0.0022EPSS
Exploits0References2
securityvulns
securityvulns
added 2010/02/22 12:0 a.m.39 views

AST-2010-002: Dialplan injection vulnerability

Asterisk Project Security Advisory - AST-2010-002 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | Dialplan injection vulnerability |...

0.5AI score
Exploits0
Rows per page
Query Builder