217 matches found

Openbugbounty
added 2024/06/11 6:19 a.m. | 9 views

stackoverflow.com Cross Site Scripting vulnerability OBB-3934573

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

SUSE CVE
added 2024/06/08 2:51 a.m. | 1 view

SUSE CVE-2024-37280

A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of "passthrough" type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of...

4.9 CVSS | 4.8 AI score | 0.00349 EPSS
Exploits: 0 | References: 3

RedHat Linux
added 2024/05/22 9:32 a.m. | 1 view

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. The cause of the issue is a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

7.5 CVSS | 6.7 AI score | 0.00487 EPSS
Exploits: 1 | References: 5

OSV
added 2024/03/16 4:28 p.m. | 10 views

MGASA-2024-0069 Updated jackson-databind packages fix security vulnerabilities

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects (CVE-2020-36518). In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value...

7.5 CVSS | 6.8 AI score | 0.00487 EPSS
Exploits: 4 | References: 10

Mageia
added 2024/03/16 4:28 p.m. | 65 views

Updated jackson-databind packages fix security vulnerabilities

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects (CVE-2020-36518). In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value...

7.5 CVSS | 7.1 AI score | 0.00487 EPSS
Exploits: 4 | References: 9

Vulnrichment
added 2024/03/14 12:00 a.m. | 9 views

CVE-2024-28383

Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub431CF0 function...

9.7 AI score | 0.00288 EPSS
Exploits: 1 | References: 1

Tenable Nessus
added 2024/02/19 12:00 a.m. | 35 views

Amazon Linux 2 : woodstox-core (ALAS-2024-2463)

The version of woodstox-core installed on the remote host is prior to 4.1.2-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2463 advisory. Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the...

7.5 CVSS | 6.5 AI score | 0.00803 EPSS
Exploits: 1 | References: 4

Exploit DB
added 2024/02/09 12:00 a.m. | 549 views

Elasticsearch - StackOverflow DoS

Exploit Author: TOUHAMI KASBAOUI
Vendor Homepage: https://elastic.co/
Version: 8.5.3 / OpenSearch
Tested on: Ubuntu 20.04 LTS
CVE: CVE-2023-31419
Ref: https://github.com/sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419
import requests import random import string esurl =...

7.5 CVSS | 7 AI score | 0.39212 EPSS
Exploits: 4

Gitee
added 2024/01/16 4:14 p.m. | 3 views

pwncli

This is an offensive tool for binary exploitation. The primary vulnerability targeted is not explicitly stated, but the code and documentation suggest that it is a buffer overflow vulnerability in a binary named "stackoverflownopie" and "stackoverflowpie". The tool, named "pwncli", is designed to...

7.9 AI score
Exploits: 0

OSV
added 2024/01/03 6:30 p.m. | 4 views

GHSA-8RFX-6MR3-5JH3 Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5crp-9r3c-p9vr. This link is maintained to preserve external references. Original Description: Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted...

7.5 CVSS | 7.4 AI score | 0.02228 EPSS
Exploits: 2 | References: 9

Github Security Blog
added 2024/01/03 6:30 p.m. | 28 views

Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5crp-9r3c-p9vr. This link is maintained to preserve external references. Original Description: Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted...

7.5 CVSS | 7.2 AI score | 0.02228 EPSS
Exploits: 2 | References: 10 | Affected Software: 1

NVD
added 2024/01/03 4:15 p.m. | 14 views

CVE-2024-21907

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an...

7.5 CVSS | 7.4 AI score | 0.02228 EPSS
Exploits: 2 | References: 8

Prion
added 2024/01/03 4:15 p.m. | 11 views

Race condition

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an...

5 CVSS | 7.2 AI score | 0.02228 EPSS
Exploits: 2 | References: 8 | Affected Software: 1

UbuntuCve
added 2024/01/03 4:15 p.m. | 18 views

CVE-2024-21907

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an...

7.5 CVSS | 7.3 AI score | 0.02228 EPSS
Exploits: 2 | References: 9

OSV
added 2024/01/03 4:15 p.m. | 1 view

UBUNTU-CVE-2024-21907

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an...

7.5 CVSS | 5.8 AI score | 0.02228 EPSS
Exploits: 2 | References: 10

Vulnrichment
added 2024/01/03 3:23 p.m. | 28 views

CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an...

7.4 AI score | 0.02228 EPSS
Exploits: 2 | References: 8

NVD
added 2023/12/26 6:15 p.m. | 10 views

CVE-2023-51097

Tenda W9 V1.0.0.74456CN was discovered to contain a stack overflow via the function formSetAutoPing...

9.8 CVSS | 0.00288 EPSS
Exploits: 1 | References: 1

Positive Technologies
added 2023/12/17 12:00 a.m. | 6 views

PT-2023-31715 · Unknown · Microhttpserver

Name of the Vulnerable Software and Affected Versions: MicroHttpServer versions through 4398570
Description: The issue allows a stack-based buffer overflow and potentially remote code execution via a long URI. This is due to the ReadStaticFiles function in lib/middleware.c.
Recommendations: For...

9.8 CVSS | 9.8 AI score | 0.04978 EPSS
Exploits: 3 | References: 5

Tenable Nessus
added 2023/12/04 12:00 a.m. | 34 views

Amazon Linux 2 : jettison (ALAS-2023-2363)

The version of jettison installed on the remote host is prior to 1.3.3-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2363 advisory. Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is...

7.5 CVSS | 7.1 AI score | 0.0055 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2023/12/04 12:00 a.m. | 63 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 (RHSA-2023:7638)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7638 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

7.5 CVSS | 7.3 AI score | 0.944 EPSS
Exploits: 19 | References: 43