266 matches found
CVE-2023-48952
An issue in the boxdeserializereusing function in openlink virtuoso-opensource allows attackers to cause a Denial of Service DoS after running a SELECT statement...
CVE-2023-48952
An issue in the boxdeserializereusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS after running a SELECT statement...
DEBIAN-CVE-2023-48952
An issue in the boxdeserializereusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS after running a SELECT statement...
CVE-2023-48952
An issue in the boxdeserializereusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS after running a SELECT statement...
PT-2023-31017 · Openlink +1 · Openlink Virtuoso-Opensource +1
Name of the Vulnerable Software and Affected Versions: openlink virtuoso-opensource version 7.2.11 Description: An issue in the box deserialize reusing function allows attackers to cause a Denial of Service DoS after running a SELECT statement. Recommendations: For openlink virtuoso-opensource...
Virtuoso Open-Source Edition Security Vulnerabilities
Virtuoso Open-Source Edition is a high-performance and scalable multi-model RDBMS, data integration middleware, linked data deployment and HTTP application server platform open-sourced by OpenLink Software. A security vulnerability exists in Virtuoso Open-Source Edition version v7.2.11, which ste...
Ubuntu 16.04 ESM : Puppet vulnerabilities (USN-4804-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4804-1 advisory. It was discovered that Puppet installed modules with world writable permissions. An attacker could use this vulnerability to execute arbitrary code or...
CVE-2023-39680
Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code...
jackson-databind: use of deeply nested arrays
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...
Out-of-bounds
In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12...
CVE-2023-20935
In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12...
PT-2023-9521 · Openlink +4 · Openlink Virtuoso-Opensource +4
Name of the Vulnerable Software and Affected Versions: openlink virtuoso-opensource version 7.2.9 Description: The issue is related to the mp box deserialize string function, which is vulnerable due to improper neutralization of special elements used in SQL commands. This can be exploited by a...
Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses
Impact An issue was discovered in the Versionize::deserialize implementation provided by the versionize crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. Patches The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserti...
RUSTSEC-2023-0030 `Versionize::deserialize` implementation for `FamStructWrapper<T>` is lacking bound checks, potentially leading to out of bounds memory accesses
An issue was discovered in the Versionize::deserialize implementation provided by the versionize crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that...
`Versionize::deserialize` implementation for `FamStructWrapper<T>` is lacking bound checks, potentially leading to out of bounds memory accesses
An issue was discovered in the Versionize::deserialize implementation provided by the versionize crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that...
SUSE CVE-2016-3141
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service memory corruption and application crash or possibly have unspecified other impact by triggering a wddxdeserialize call on XML data...
SUSE CVE-2016-7418
The phpwddxpushelement function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service invalid pointer access and out-of-bounds read or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document,...
SUSE CVE-2018-15686
A vulnerability in unitdeserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and...
PT-2022-7536 · Hdf5 +2 · Hdf5 +2
Name of the Vulnerable Software and Affected Versions: HDF5 versions 1.13.3 and earlier HDF5 versions 1.14.2 and earlier Description: The issue is related to a buffer overflow in the H5HG cache heap deserialize function of the HDF5 library, which can lead to a denial of service or potential code...
GHSA-M43H-HFRQ-X8WX SystemDS CPU exhaustion vulnerability
The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...