Lucene search
+L

76 matches found

RedHat Linux
RedHat Linux
added 2024/03/25 7:36 p.m.5 views

Mozilla: Self referencing object could have potentially led to a use-after-free

The Mozilla Foundation Security Advisory describes this flaw as: If an attacker could find a way to trigger a particular code path in SafeRefPtr, it could have triggered a crash or potentially be leveraged to achieve code execution...

8.1CVSS7.4AI score0.00971EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/03/25 7:35 p.m.5 views

Mozilla: Self referencing object could have potentially led to a use-after-free

The Mozilla Foundation Security Advisory describes this flaw as: If an attacker could find a way to trigger a particular code path in SafeRefPtr, it could have triggered a crash or potentially be leveraged to achieve code execution...

8.1CVSS7.4AI score0.00971EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/03/25 7:30 p.m.5 views

Mozilla: Self referencing object could have potentially led to a use-after-free

The Mozilla Foundation Security Advisory describes this flaw as: If an attacker could find a way to trigger a particular code path in SafeRefPtr, it could have triggered a crash or potentially be leveraged to achieve code execution...

8.1CVSS7.4AI score0.00971EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/03/25 6:54 p.m.4 views

Mozilla: Self referencing object could have potentially led to a use-after-free

The Mozilla Foundation Security Advisory describes this flaw as: If an attacker could find a way to trigger a particular code path in SafeRefPtr, it could have triggered a crash or potentially be leveraged to achieve code execution...

8.1CVSS7.4AI score0.00971EPSS
Exploits0References6
OSV
OSV
added 2024/02/08 4:15 a.m.29 views

CVE-2024-25144

The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a...

6.5CVSS6.4AI score0.00569EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/08 3:25 a.m.49 views

CVE-2024-25144

The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a...

4.1CVSS6.3AI score0.00569EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/08 12:0 a.m.5 views

PT-2024-20777 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.3.26 Liferay DXP 7.4 before update 27 Liferay DXP 7.3 before update 6 Liferay DXP 7.2 before fix pack 19 Description: The issue is related to the IFrame widget, which does not check the URL of the...

6.5CVSS6.9AI score0.00569EPSS
Exploits0References8
OSV
OSV
added 2023/12/22 11:6 a.m.8 views

OESA-2023-1963 jettison security update

Jettison is a collection of Java APIs like STaX and DOM which read and write JSON. This allows nearly transparent enablement of JSON based web services in services frameworks like CXF or XML serialization frameworks like XStream. Security Fixes: An infinite recursion is triggered in Jettison when...

7.5CVSS8.1AI score0.01009EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2023/08/31 1:29 p.m.6 views

jettison: Uncontrolled Recursion in JSONArray

A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...

7.5CVSS7AI score0.01009EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/08/31 1:27 p.m.4 views

jettison: Uncontrolled Recursion in JSONArray

A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...

7.5CVSS7AI score0.01009EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/08/07 3:18 p.m.5 views

jettison: Uncontrolled Recursion in JSONArray

A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...

7.5CVSS7AI score0.01009EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/06/15 9:3 a.m.5 views

jettison: Uncontrolled Recursion in JSONArray

A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...

7.5CVSS7AI score0.01009EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/06/15 12:17 a.m.6 views

jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos

A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service...

7.5CVSS7.4AI score0.01395EPSS
Exploits1References4
OSV
OSV
added 2023/06/12 6:52 p.m.14 views

GHSA-87MF-9WG6-PPF8 Ouroboros is Unsound

In 0.15.0 and prior, Ouroboros works internally by creating a struct where all uses of 'this are replaced by 'static. However, a recent addition to Miri checks that references passed to functions are valid during the entire execution of the function, even when those references are passed inside a...

7AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/06/12 6:52 p.m.10 views

Ouroboros is Unsound

In 0.15.0 and prior, Ouroboros works internally by creating a struct where all uses of 'this are replaced by 'static. However, a recent addition to Miri checks that references passed to functions are valid during the entire execution of the function, even when those references are passed inside a...

6.8AI score
Exploits0References3Affected Software1
OSV
OSV
added 2023/06/11 12:0 p.m.16 views

RUSTSEC-2023-0042 Ouroboros is Unsound

Summary Ouroboros has a soundness problem, but a fix has been implemented in 0.16.0. More details: In 0.15.0, Ouroboros works internally by creating a struct where all uses of 'this are replaced by 'static. However, a recent addition to Miri checks that references passed to functions are valid...

7AI score
Exploits0References3
RustSec
RustSec
added 2023/06/11 12:0 p.m.31 views

Ouroboros is Unsound

Summary Ouroboros has a soundness problem, but a fix has been implemented in 0.16.0. More details: In 0.15.0, Ouroboros works internally by creating a struct where all uses of 'this are replaced by 'static. However, a recent addition to Miri checks that references passed to functions are valid...

6.8AI score
Exploits0Affected Software1
UbuntuCve
UbuntuCve
added 2023/03/22 6:15 a.m.33 views

CVE-2023-1436

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown...

7.5CVSS6.7AI score0.01009EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2023/03/01 9:45 p.m.4 views

jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos

A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service...

7.5CVSS7.4AI score0.01395EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.3 views

SUSE CVE-2006-6870

The consumelabels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service infinite loop via a crafted compressed DNS response with a label that points to itself...

5CVSS6.7AI score0.02298EPSS
Exploits0References4
Rows per page
Query Builder