Lucene search
K

264 matches found

Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.4 views

PT-2024-40504 · Contao · Contao/Core

Name of the Vulnerable Software and Affected Versions: contao/core affected versions not specified Description: A PHP object injection issue was identified due to untrusted data being passed to the deserialize function. Recommendations: At the moment, there is no information about a newer version...

7.3AI score
Exploits0References6
OSV
OSV
added 2024/05/14 3:38 p.m.4 views

DEBIAN-CVE-2024-33876

HDF5 Library through 1.14.3 has a heap buffer overflow in H5Spointdeserialize in H5Spoint.c...

5.7CVSS8.6AI score0.00227EPSS
Exploits0References1
OSV
OSV
added 2024/05/14 3:38 p.m.6 views

UBUNTU-CVE-2024-33876

HDF5 Library through 1.14.3 has a heap buffer overflow in H5Spointdeserialize in H5Spoint.c...

5.7CVSS7.4AI score0.00227EPSS
Exploits0References3
OSV
OSV
added 2024/05/14 3:15 p.m.6 views

AZL-40700 CVE-2024-29160 affecting package hdf5 for versions less than 1.14.4-1

HDF5 through 1.14.3 contains a heap buffer overflow in H5HGcacheheapdeserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...

7.4CVSS7.4AI score0.00223EPSS
Exploits0References1
OSV
OSV
added 2024/05/14 3:15 p.m.11 views

AZL-40609 CVE-2024-29160 affecting package hdf5 for versions less than 1.14.4.3-1

HDF5 through 1.14.3 contains a heap buffer overflow in H5HGcacheheapdeserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...

7.4CVSS7.4AI score0.00223EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2024/05/14 7:0 a.m.4 views

HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_deserialize in H5Spoint.c.

...

5.7CVSS7.2AI score0.00227EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2024/05/14 3:32 a.m.5 views

SUSE CVE-2024-32613

HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HLfldeserialize in H5HLcache.c, a different vulnerability than CVE-2024-32612...

7.4CVSS7.4AI score0.00245EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.7 views

HDF Group HDF5 安全漏洞

HDF Group HDF5 is a suite of tools for managing and storing different types of data from the American company HDF Group. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A security vulnerability exists in HDF5 version 1.14.3 and pri...

7.4CVSS8.1AI score0.00223EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/10 12:0 a.m.5 views

HDF Group HDF5 安全漏洞

HDF Group HDF5 is a suite of tools for managing and storing different types of data from the American company HDF Group. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A security vulnerability exists in HDF5 Library version 1.14.3...

5.7CVSS8.8AI score0.00227EPSS
Exploits0References2
OSV
OSV
added 2024/04/18 12:5 a.m.11 views

OSV-2024-272 Heap-buffer-overflow in DDS_Security_Deserialize_ParticipantBuiltinTopicData

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68028 Crash type: Heap-buffer-overflow READ 2 Crash state: DDSSecurityDeserializeParticipantBuiltinTopicData fuzzsecuritydeser.c...

7.2AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/04/06 12:30 p.m.23 views

Xuxueli xxl-job template injection vulnerability

A vulnerability classified as problematic was found in Xuxueli xxl-job version 2.4.0. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection. The exploit has been disclosed ...

9.8CVSS7.5AI score0.00945EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2024/04/06 5:15 a.m.25 views

CVE-2024-21506

Rejected reason: Duplicate...

3.7CVSS5AI score
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/06 12:0 a.m.9 views

PT-2024-25419 · Xuxueli · Xuxueli Xxl-Job

Name of the Vulnerable Software and Affected Versions: Xuxueli xxl-job versions 2.4.0 through 2.4.1 Description: A vulnerability was found in the deserialize function of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. This issue leads to injection. The...

9.8CVSS4AI score0.00945EPSS
Exploits1References15
BDU FSTEC
BDU FSTEC
added 2024/03/14 12:0 a.m.6 views

The vulnerability of the deserialize() function in the Jwcrypto Python library, which allows a hacker to trigger a denial-of-service attack.

The vulnerability of the deserialize function in the JavaScript library used by Jwcrypto for cryptography involves an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failure by sending a specially created JWE tok...

6.8CVSS6.4AI score0.0098EPSS
Exploits1References15Affected Software6
Vulnrichment
Vulnrichment
added 2024/03/06 9:9 p.m.23 views

CVE-2024-28102 JWCrypto vulnerable to JWT bomb Attack in `deserialize` function

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

6.8CVSS6.5AI score0.0098EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/01/09 12:0 a.m.30 views

Rockwell FactoryTalk Services Platform < 6.20 Deserialization

The version of Rockwell FactoryTalk Services Platform installed on the remote Windows host is prior to 6.20. It is, therefore, affected by a vulnerability. - Factory Talk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCP/8082, which can insecurely deserialize untrusted...

10CVSS8.3AI score0.05363EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/01/05 2:34 a.m.3 views

SUSE CVE-2024-21907

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an...

7.5CVSS7.6AI score0.32908EPSS
Exploits2References3
OpenVAS
OpenVAS
added 2024/01/02 12:0 a.m.14 views

WordPress GiveWP Plugin < 2.26.0 PHP Object Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:givewp:givewp"; if description...

9.8CVSS8.8AI score0.00592EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2023/12/06 7:59 a.m.18 views

CVE-2023-48952

An issue in the boxdeserializereusing function in openlink virtuoso-opensource allows attackers to cause a Denial of Service DoS after running a SELECT statement...

7.5CVSS7.3AI score0.00958EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/11/29 8:15 p.m.4 views

CVE-2023-48952

An issue in the boxdeserializereusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS after running a SELECT statement...

7.5CVSS7.1AI score0.00958EPSS
Exploits1References2
Rows per page
Query Builder