264 matches found
DataEase 安全漏洞
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. DataEase version 2.10.6 prior to the existence of a security vulnerability , th...
DataEase 安全漏洞
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. DataEase version 2.10.6 prior to a security vulnerability , the vulnerability...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the deserialize method, when handling untrusted XML data, which may contain external entity references. Details XXE Injection is a type of attack against an application that parses XML input. XML is...
DEBIAN-CVE-2024-57643
An issue in the boxdeserializestring component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
OpenLink Virtuoso-opensource 安全漏洞
OpenLink Virtuoso-opensource is OpenLink Software's is a powerful multi-model database and middleware platform for a variety of application scenarios that require high-performance data processing and complex data model support. A security vulnerability exists in OpenLink Virtuoso-opensource versi...
The vulnerability of the H5HG__cache_heap_deserialize() function in the HDF5 library allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the H5HGcacheheapdeserialize function in the HDF5 library is related to buffer overflow in the heap. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the H5S__point_deserialize() function in the H5Spoint.c file of the HDF5 library allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the H5Spointdeserialize function in the H5Spoint.c file of the HDF5 library is related to buffer overflow in the queue. Exploitation of this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
Adobe ColdFusion 代码问题漏洞
Adobe ColdFusion is a suite of rapid application development platforms from the American company Audobee Adobe. The platform includes an integrated development environment and a scripting language. A code issue vulnerability exists in Adobe ColdFusion versions 2023.x through prior to 2023.10 and...
PT-2024-41504 · Git · Hdf5
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42538113 Crash type: UNKNOWN READ Crash state: H5FL reg malloc H5FL reg calloc H5O cache chk deserialize...
The vulnerability of the `JsonSerializer.DeserializeAsyncEnumerable` method in the System.Text.Json library of the Microsoft.NET software platform and the Microsoft Visual Studio development tools allows a attacker to cause a service failure.
The vulnerability of the JsonSerializer.DeserializeAsyncEnumerable method in the System.Text.Json library of the Microsoft .NET software platform and the Microsoft Visual Studio development tools is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a...
Wukong_nocode Code Issue Vulnerability
Wukongnocode Wukong no code is Wukong CRM WukongCRM open source a no-code platform development tools. Enterprises can independently and quickly develop a suitable information system for the needs of the enterprise . Wukongnocode 20230807 previous version of the code problem vulnerability , the...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS when using .NET's JsonSerializer.DeserializeAsyncEnumerable function on untrusted input. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and...
PT-2024-4734 · Microsoft +8 · Visual Studio +10
Name of the Vulnerable Software and Affected Versions: .NET Core versions prior to 8.x Visual Studio versions prior to 8.x Description: The issue is related to an uncontrolled resource consumption in the JsonSerializer.DeserializeAsyncEnumerable method of the System.Text.Json library in Microsoft...
Arbitrary Code Execution
contao/core is vulnerable to Arbitrary Code Execution. The vulnerability is due to untrusted POST data being passed to the deserialize function which could result in Arbitrary Code Execution...
Updated python-pymongo packages fix security vulnerability
Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...
GHSA-7H74-7VCW-4MWP Insecure deserialize Vulnerability in FLOW3
Due to a missing signature HMAC for a request argument, an attacker could unserialize arbitrary objects within FLOW3. To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be...
Insecure deserialize Vulnerability in FLOW3
Due to a missing signature HMAC for a request argument, an attacker could unserialize arbitrary objects within FLOW3. To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be...
CVE-2024-4838
The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settingsencoded' attribute of the 'smilemodal' shortcode. This makes it possible for authenticated attackers, with...
GHSA-WQ43-8R5P-W3MC contao/core PHP object injection vulnerability allows for arbitrary code execution
PHP object injection vulnerability was identified in contao/core due to untrusted data being passed to deserialize function...
contao/core PHP object injection vulnerability allows for arbitrary code execution
PHP object injection vulnerability was identified in contao/core due to untrusted data being passed to deserialize function...