12 matches found
Denial Of Service (DoS)
com.nimbusds:nimbus-jose-jwt is vulnerable to Denial Of Service DoS. The vulnerability is due to uncontrolled recursion due to lack of validation on JSON object nesting depth in JWT claim sets, allowing remote attackers to exhaust system resources with deeply nested structures...
CVE-2025-53864
Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2i...
kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning
A flaw incorrect memory access in the Linux kernel Mellanox network Ethernet or RDMA device driver was found. A local user could use this flaw to crash the system...
kernel: lib: objagg: Fix general protection fault
linux kernel's lib objagg can incorrectly permit object nesting in an unallowed circumstance, based on lack of appropriate checks stemming from assumption violations. The incorrect object creation from this assumption can lead to general protection fault...
kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning
A flaw incorrect memory access in the Linux kernel Mellanox network Ethernet or RDMA device driver was found. A local user could use this flaw to crash the system...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-069)
The version of kernel installed on the remote host is prior to 5.10.224-212.876. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-069 advisory. 2024-12-05: CVE-2024-41042 was added to this advisory. 2024-09-26: CVE-2024-42302 was added to this...
CVE-2024-43880
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumaclerp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM A-TCAM or in the ordinary circuit TCAM C-TCAM. The former can contain more ACLs i.e., tc filters, but the...
CVE-2024-43880
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumaclerp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM A-TCAM or in the ordinary circuit TCAM C-TCAM. The former can contain more ACLs i.e., tc filters, but the...
CVE-2024-43880 mlxsw: spectrum_acl_erp: Fix object nesting warning
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumaclerp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM A-TCAM or in the ordinary circuit TCAM C-TCAM. The former can contain more ACLs i.e., tc filters, but the...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an object nesting warning issue in the mlxsw component when handling ACLs...
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...