Lucene search
K

122 matches found

Positive Technologies
Positive Technologies
added 2024/02/08 12:0 a.m.5 views

PT-2024-20777 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.3.26 Liferay DXP 7.4 before update 27 Liferay DXP 7.3 before update 6 Liferay DXP 7.2 before fix pack 19 Description: The issue is related to the IFrame widget, which does not check the URL of the...

6.5CVSS6.9AI score0.00569EPSS
Exploits0References8
Veracode
Veracode
added 2024/02/02 1:48 a.m.42 views

Use After Free

Canvas in Google Chrome is vulnerable to Use after free.The vulnerability is due to referencing memory after it has been freed which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS6.6AI score0.00881EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2023/12/28 9:16 p.m.20 views

msgpackr's conversion of property names to strings can trigger infinite recursion

Impact When decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. Patches The fix is available in v1.10.1 Workarounds Exploits seem to require structured cloning, replacing the 0x70 extension with your own that...

6.8CVSS6.6AI score0.00685EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/12/28 4:16 p.m.12 views

CVE-2023-52079

msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured...

6.8CVSS0.00685EPSS
Exploits0References2
OSV
OSV
added 2023/12/22 11:6 a.m.6 views

OESA-2023-1963 jettison security update

Jettison is a collection of Java APIs like STaX and DOM which read and write JSON. This allows nearly transparent enablement of JSON based web services in services frameworks like CXF or XML serialization frameworks like XStream. Security Fixes: An infinite recursion is triggered in Jettison when...

7.5CVSS8.1AI score0.01009EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2023/08/31 1:29 p.m.6 views

jettison: Uncontrolled Recursion in JSONArray

A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...

7.5CVSS7AI score0.01009EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/08/31 1:27 p.m.4 views

jettison: Uncontrolled Recursion in JSONArray

A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...

7.5CVSS7AI score0.01009EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/08/07 3:18 p.m.5 views

jettison: Uncontrolled Recursion in JSONArray

A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...

7.5CVSS7AI score0.01009EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/06/15 9:3 a.m.5 views

jettison: Uncontrolled Recursion in JSONArray

A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...

7.5CVSS7AI score0.01009EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/06/15 12:17 a.m.6 views

jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos

A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service...

7.5CVSS7.4AI score0.01395EPSS
Exploits1References4
OSV
OSV
added 2023/06/12 6:52 p.m.14 views

GHSA-87MF-9WG6-PPF8 Ouroboros is Unsound

In 0.15.0 and prior, Ouroboros works internally by creating a struct where all uses of 'this are replaced by 'static. However, a recent addition to Miri checks that references passed to functions are valid during the entire execution of the function, even when those references are passed inside a...

7AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/06/12 6:52 p.m.9 views

Ouroboros is Unsound

In 0.15.0 and prior, Ouroboros works internally by creating a struct where all uses of 'this are replaced by 'static. However, a recent addition to Miri checks that references passed to functions are valid during the entire execution of the function, even when those references are passed inside a...

6.8AI score
Exploits0References3Affected Software1
OSV
OSV
added 2023/06/11 12:0 p.m.16 views

RUSTSEC-2023-0042 Ouroboros is Unsound

Summary Ouroboros has a soundness problem, but a fix has been implemented in 0.16.0. More details: In 0.15.0, Ouroboros works internally by creating a struct where all uses of 'this are replaced by 'static. However, a recent addition to Miri checks that references passed to functions are valid...

7AI score
Exploits0References3
RustSec
RustSec
added 2023/06/11 12:0 p.m.30 views

Ouroboros is Unsound

Summary Ouroboros has a soundness problem, but a fix has been implemented in 0.16.0. More details: In 0.15.0, Ouroboros works internally by creating a struct where all uses of 'this are replaced by 'static. However, a recent addition to Miri checks that references passed to functions are valid...

6.8AI score
Exploits0Affected Software1
UbuntuCve
UbuntuCve
added 2023/03/22 6:15 a.m.33 views

CVE-2023-1436

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown...

7.5CVSS6.7AI score0.01009EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2023/03/01 9:45 p.m.4 views

jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos

A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service...

7.5CVSS7.4AI score0.01395EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.6 views

SUSE CVE-2006-4256

index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different...

4.3CVSS6.9AI score0.01668EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.3 views

SUSE CVE-2006-6870

The consumelabels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service infinite loop via a crafted compressed DNS response with a label that points to itself...

5CVSS6.7AI score0.02298EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.5 views

SUSE CVE-2007-3409

Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service stack consumption via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop...

7.5CVSS6.8AI score0.03489EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.3 views

SUSE CVE-2015-5470

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative Auth Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a long name that refers to itself. NOTE...

7.8CVSS6.9AI score0.11284EPSS
Exploits0References3
Rows per page
Query Builder