genson vulnerable to stack exhaustion

An issue was discovered genson through 1.6 allows attackers to cause a denial of service or other unspecified impacts via crafted objects that deeply nested structures...

ph-json vulnerable to stack exhaustion

An issue was discovered ph-json through 9.5.5 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...

pbjson vulnerable to stack exhaustion

An issue was discovered pbjson through 0.4.0 allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies...

GHSA-75R3-38RH-PMXV sojo vulnerable to stack exhaustion

An issue was discovered sojo through 1.1.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...

GHSA-FJ64-QPRX-Q7VQ genson vulnerable to stack exhaustion

An issue was discovered genson through 1.6 allows attackers to cause a denial of service or other unspecified impacts via crafted objects that deeply nested structures...

PT-2023-24956 · Hjson · Hjson

Name of the Vulnerable Software and Affected Versions: hjson versions 3.0.0 and earlier Description: An issue in hjson allows attackers to cause a denial of service or other unspecified impacts via crafted objects that use cyclic dependencies or have deeply nested structures. Recommendations: For...

PT-2023-8516 · Unknown · Jackson-Databind

Name of the Vulnerable Software and Affected Versions: jackson-databind versions 2.12.0 through 2.15.2 Description: The issue in jackson-databind is related to unlimited resource allocation, which can be exploited to cause a denial of service or other unspecified impact via a crafted object that...

Medium: mariadb

Issue Overview: getsortbytable in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. CVE-2021-46657 MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECTLEX::nestlevel is local to each VIEW. CVE-2021-46659 MariaDB through...

USN-6081-1 linux, linux-aws, linux-aws-hwe, linux-kvm vulnerabilities

Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information kernel memory. CVE-2023-0459 Xingyuan Mo discovered that the...

sysstat: arithmetic overflow in allocate_structures() on 32 bit systems

An arithmetic overflow issue was discovered in Sysstat on 32-bit systems. The allocatestructures function in sacommon.c insufficiently checks bounds before arithmetic multiplication, allowing an overflow in the size allocated for the buffer representing system activities. The vulnerability can be...

golang: encoding/gob: stack exhaustion in Decoder.Decode

A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

CVE-2021-46753

Failure to validate the length fields of the ASP AMD Secure Processor sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity...

Authorization

Failure to validate the length fields of the ASP AMD Secure Processor sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity...

CVE-2021-46753

Failure to validate the length fields of the ASP AMD Secure Processor sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity...

sysstat: arithmetic overflow in allocate_structures() on 32 bit systems

An arithmetic overflow issue was discovered in Sysstat on 32-bit systems. The allocatestructures function in sacommon.c insufficiently checks bounds before arithmetic multiplication, allowing an overflow in the size allocated for the buffer representing system activities. The vulnerability can be...

json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...

Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005

The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...

ManageEngine Access Manager Plus 4.3.0 - File-path-traversal Vulnerability

Exploit Title: ManageEngine Access Manager Plus 4.3.0 - File-path-traversal Author: nu11secur1ty Vendor: https://www.manageengine.com/ Software: https://www.manageengine.com/privileged-session-management/download.html Reference:...

Deserialization of untrusted data

Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...

CVE-2023-28448 Versionize is lacking bound checks, potentially leading to out of bounds memory access

Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...