264 matches found
PT-2024-40504 · Contao · Contao/Core
Name of the Vulnerable Software and Affected Versions: contao/core affected versions not specified Description: A PHP object injection issue was identified due to untrusted data being passed to the deserialize function. Recommendations: At the moment, there is no information about a newer version...
DEBIAN-CVE-2024-33876
HDF5 Library through 1.14.3 has a heap buffer overflow in H5Spointdeserialize in H5Spoint.c...
UBUNTU-CVE-2024-33876
HDF5 Library through 1.14.3 has a heap buffer overflow in H5Spointdeserialize in H5Spoint.c...
AZL-40700 CVE-2024-29160 affecting package hdf5 for versions less than 1.14.4-1
HDF5 through 1.14.3 contains a heap buffer overflow in H5HGcacheheapdeserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...
AZL-40609 CVE-2024-29160 affecting package hdf5 for versions less than 1.14.4.3-1
HDF5 through 1.14.3 contains a heap buffer overflow in H5HGcacheheapdeserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...
HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_deserialize in H5Spoint.c.
...
SUSE CVE-2024-32613
HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HLfldeserialize in H5HLcache.c, a different vulnerability than CVE-2024-32612...
HDF Group HDF5 安全漏洞
HDF Group HDF5 is a suite of tools for managing and storing different types of data from the American company HDF Group. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A security vulnerability exists in HDF5 version 1.14.3 and pri...
HDF Group HDF5 安全漏洞
HDF Group HDF5 is a suite of tools for managing and storing different types of data from the American company HDF Group. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A security vulnerability exists in HDF5 Library version 1.14.3...
OSV-2024-272 Heap-buffer-overflow in DDS_Security_Deserialize_ParticipantBuiltinTopicData
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68028 Crash type: Heap-buffer-overflow READ 2 Crash state: DDSSecurityDeserializeParticipantBuiltinTopicData fuzzsecuritydeser.c...
Xuxueli xxl-job template injection vulnerability
A vulnerability classified as problematic was found in Xuxueli xxl-job version 2.4.0. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection. The exploit has been disclosed ...
CVE-2024-21506
Rejected reason: Duplicate...
PT-2024-25419 · Xuxueli · Xuxueli Xxl-Job
Name of the Vulnerable Software and Affected Versions: Xuxueli xxl-job versions 2.4.0 through 2.4.1 Description: A vulnerability was found in the deserialize function of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. This issue leads to injection. The...
The vulnerability of the deserialize() function in the Jwcrypto Python library, which allows a hacker to trigger a denial-of-service attack.
The vulnerability of the deserialize function in the JavaScript library used by Jwcrypto for cryptography involves an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failure by sending a specially created JWE tok...
CVE-2024-28102 JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...
Rockwell FactoryTalk Services Platform < 6.20 Deserialization
The version of Rockwell FactoryTalk Services Platform installed on the remote Windows host is prior to 6.20. It is, therefore, affected by a vulnerability. - Factory Talk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCP/8082, which can insecurely deserialize untrusted...
SUSE CVE-2024-21907
Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an...
WordPress GiveWP Plugin < 2.26.0 PHP Object Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:givewp:givewp"; if description...
CVE-2023-48952
An issue in the boxdeserializereusing function in openlink virtuoso-opensource allows attackers to cause a Denial of Service DoS after running a SELECT statement...
CVE-2023-48952
An issue in the boxdeserializereusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS after running a SELECT statement...