Lucene search
K

60 matches found

EUVD
EUVD
added 2026/06/25 9:22 p.m.9 views

EUVD-2026-38383

MessagePack-CSharp: DynamicUnionResolver-generated deserializers miss depth enforcement...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 p.m.15 views

CVE-2026-48513

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

7.5CVSS0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51397

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description Runtime-generated union deserializers emitted by DynamicUnionResolver fail to call MessagePackSecurity.DepthStepref reader and do not decrement...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References6
OSV
OSV
added 2026/06/09 3:57 a.m.2 views

CVE-2026-41006 Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration

Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, performs bean property binding via reflection without consulting Jackson access-control annotations. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3...

7.5CVSS5.9AI score0.00276EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/29 7:55 p.m.40 views

Nerdbank.MessagePack has a memory amplification DoS in collection deserialization

Nerdbank.MessagePack deserializers for many collection-shaped types trusted the element count declared in MessagePack array and map headers when allocating destination storage. A crafted payload could therefore force large arrays, pooled buffers, dictionaries, or collection instances to be...

5.7AI score
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 3:10 p.m.10 views

CVE-2026-44500 ZEBRA: Allocation Amplification in Inbound Network Deserializers

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter...

5.3CVSS5.8AI score0.00362EPSS
Exploits1References1
OSV
OSV
added 2026/05/08 3:10 p.m.3 views

CVE-2026-44500 ZEBRA: Allocation Amplification in Inbound Network Deserializers

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter...

5.3CVSS5.9AI score0.00362EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/07 8:55 p.m.16 views

Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers

CVE-2026-44500: Allocation Amplification in Inbound Network Deserializers Summary Several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter protocol or consensus limits were enforced. An unauthenticated or...

5.3CVSS5.8AI score0.00362EPSS
Exploits1References4Affected Software3
OSV
OSV
added 2026/05/07 8:55 p.m.6 views

GHSA-438Q-JX8F-CCCV Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers

CVE-2026-44500: Allocation Amplification in Inbound Network Deserializers Summary Several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter protocol or consensus limits were enforced. An unauthenticated or...

5.3CVSS5.8AI score0.00362EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-12325

Malware in sbrugna...

8.1CVSS8.2AI score0.05385EPSS
Exploits2References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2017-12327

Malware in sbrugna...

9.8CVSS9.5AI score0.0368EPSS
Exploits2References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-12328

Malware in sbrugna...

9.8CVSS9.5AI score0.08214EPSS
Exploits2References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2017-12329

Malware in sbrugna...

9.8CVSS9.5AI score0.03999EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2025/02/24 12:8 a.m.10 views

jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS

A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAPSINGLEVALUEARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting...

7.5CVSS6.7AI score0.02706EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2025/02/24 12:8 a.m.10 views

jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS

A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAPSINGLEVALUEARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting...

7.5CVSS6.7AI score0.02706EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2023/12/11 12:0 a.m.37 views

Atlassian Jira Service Management Data Center and Server 4.20.x < 4.20.27 / 5.4.x < 5.4.11 (JSDSERVER-14751)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14751 advisory. - In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of ...

7.5CVSS6.7AI score0.02706EPSS
Exploits2References2
Atlassian
Atlassian
added 2023/10/06 5:45 p.m.49 views

FasterXML Vulnerability in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS6.8AI score0.02706EPSS
Exploits2
F5 Networks
F5 Networks
added 2023/08/15 4:54 p.m.39 views

K000135852: FasterXML jackson-databind vulnerability CVE-2022-42003

Security Advisory Description In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled. Additional fix version in 2.13.4.1 a...

7.5CVSS7.1AI score0.02706EPSS
Exploits2Affected Software1
RedHat Linux
RedHat Linux
added 2023/06/19 10:15 a.m.9 views

jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS

A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAPSINGLEVALUEARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting...

7.5CVSS6.7AI score0.02706EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2023/06/15 3:23 p.m.8 views

jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS

A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAPSINGLEVALUEARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting...

7.5CVSS6.7AI score0.02706EPSS
Exploits2References4
Rows per page
Query Builder