5279 matches found

RedHat Linux
added 2023/06/19 10:15 a.m. · 2 views

jettison: Uncontrolled Recursion in JSONArray

A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...

CVSS 7.5 · AI score 7 · EPSS 0.00122
Exploits 1 · References 5

RedHat Linux
added 2023/06/19 10:15 a.m. · 3 views

json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

A flaw was found in the json-smart package. This security flaw occurs when reaching a '[' or '{' character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...

CVSS 7.5 · AI score 6.9 · EPSS 0.00016
Exploits 1 · References 6

OSV
added 2023/06/15 8:4 p.m. · 3 views

CLSA-2023-1686859492 php: Fix of 3 CVEs

CVE-2022-31628: Fix potential infinite recursion in phar wrapper when using quine gzip file - CVE-2022-31629: Add cookie integrity validation - CVE-2022-31631: Fix integer overflow that could cause PDO::quote to return an improperly quoted string...

CVSS 9.1 · AI score 7 · EPSS 0.15416
Exploits 2 · References 1

OSV
added 2023/06/15 7:54 p.m. · 2 views

CLSA-2023-1686858853 php: Fix of 3 CVEs

CVE-2022-31628: Fix potential infinite recursion in phar wrapper when using quine gzip file - CVE-2022-31629: Add cookie integrity validation - CVE-2022-31631: Fix integer overflow that could cause PDO::quote to return an improperly quoted string...

CVSS 9.1 · AI score 6.9 · EPSS 0.15416
Exploits 2 · References 1

RedHat Linux
added 2023/06/15 3:23 p.m. · 1 views

jettison: Uncontrolled Recursion in JSONArray

A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...

CVSS 7.5 · AI score 7 · EPSS 0.00122
Exploits 1 · References 5

RedHat Linux
added 2023/06/15 9:3 a.m. · 52 views

Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 9.8 · AI score 6.7 · EPSS 0.63842
Exploits 3 · References 11

RedHat Linux
added 2023/06/15 9:3 a.m. · 3 views

jettison: Uncontrolled Recursion in JSONArray

A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...

CVSS 7.5 · AI score 7 · EPSS 0.00122
Exploits 1 · References 5

NVD
added 2023/06/05 9:15 p.m. · 9 views

CVE-2023-31893

Telefônica Brasil Vivo Play IPTV Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion...

CVSS 7.5 · AI score 7.5 · EPSS 0.00513
Exploits 0 · References 2

Prion
added 2023/06/05 9:15 p.m. · 18 views

Design/Logic Flaw

Telefônica Brasil Vivo Play IPTV Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion...

CVSS 5 · AI score 7.5 · EPSS 0.00513
Exploits 0 · References 2 · Affected Software 1

IBM Security Bulletins
added 2023/06/05 5:47 p.m. · 29 views

Security Bulletin: Vulnerabilities from log4j-core-2.16.0.jar affect IBM Operations Analytics - Log Analysis

Summary: log4j-core-2.16.0.jar is vulnerable to remote code execution (RCE) attack and uncontrolled recursion. This is shipped in Log Analysis. The fix includes Apache Log4j core 2.17.1. Vulnerability Details: CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused ...

CVSS 10 · AI score 9.4 · EPSS 0.94358
Exploits 347 · Affected Software 1

Positive Technologies
added 2023/06/05 12:0 a.m. · 2 views

PT-2023-23505 · Telefônica Brasil · Telefônica Brasil Vivo Play

Name of the Vulnerable Software and Affected Versions: Telefônica Brasil Vivo Play IPTV Firmware version 2023.04.04.01.06.15
Description: The issue is related to a Denial of Service (DoS) via DNS Recursion. This means that the system can be made unavailable by exploiting its handling of DNS recursio...

CVSS 7.5 · AI score 7.3 · EPSS 0.00513
Exploits 0 · References 6

Cvelist
added 2023/06/05 12:0 a.m. · 14 views

CVE-2023-31893

Telefônica Brasil Vivo Play IPTV Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion...

AI score 7.7 · EPSS 0.00513
Exploits 0 · References 2

Vulnrichment
added 2023/06/05 12:0 a.m. · 7 views

CVE-2023-31893

Telefônica Brasil Vivo Play IPTV Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion...

AI score 7.5 · EPSS 0.00513
Exploits 0 · References 2

CVE
added 2023/06/05 12:0 a.m. · 42 views

CVE-2023-31893

CVE-2023-31893 affects Telefônica Brasil Vivo Play (IPTV) firmware 2023.04.04.01.06.15, with a vulnerability enabling Denial of Service (DoS) via DNS recursion. The available sources describe the firmware and the DoS vector but do not provide a confirmed patch version or official mitigation. Prac...

CVSS 7.5 · AI score 7.5 · EPSS 0.00513
Exploits 0 · References 2 · Affected Software 1

Tenable Nessus
added 2023/06/05 12:0 a.m. · 28 views

Amazon Linux 2 : jettison (ALAS-2023-2053)

The version of jettison installed on the remote host is prior to 1.3.3-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2053 advisory. An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in o...

CVSS 7.5 · AI score 6.3 · EPSS 0.00122
Exploits 1 · References 4

Amazon
added 2023/05/31 12:0 a.m. · 24 views

Important: jettison

Issue Overview: An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown. CVE-2023-1436 Affected Packages: jettison Note: This advisory is...

CVSS 7.5 · AI score 6.7 · EPSS 0.00122
Exploits 1

Tenable Nessus
added 2023/05/25 12:0 a.m. · 46 views

Ubuntu 18.04 LTS / 20.04 LTS : Apache Log4j 2 vulnerabilities (USN-5222-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5222-1 advisory. It was discovered that Apache Log4j 2 was vulnerable to remote code execution (RCE) attack when configured to use a JDBC Appender with a JNDI...

CVSS 8.5 · AI score 8.4 · EPSS 0.74016
Exploits 22 · References 3

Tenable Nessus
added 2023/05/24 12:0 a.m. · 31 views

Oracle Linux 8 : container-tools:4.0 (ELSA-2023-2802)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2802 advisory. - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closin...

CVSS 7.5 · AI score 7.5 · EPSS 0.00331
Exploits 5 · References 15

GitLab Advisory Database
added 2023/05/22 12:0 a.m. · 16 views

Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec

Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service...

CVSS 7.5 · AI score 6.7 · EPSS 0.00846
Exploits 0 · References 6 · Affected Software 1

RedHat Linux
added 2023/05/16 8:30 a.m. · 3 views

bind: sending specific queries to the resolver may cause a DoS

A flaw was found in Bind. When resolver receives many queries requiring recursion, there will be a corresponding increase in the number of clients waiting for recursion to complete. This may, under certain conditions, lead to an assertion failure and a denial of service...

CVSS 7.5 · AI score 7 · EPSS 0.0283
Exploits 0 · References 5