CVE-2021-47587

In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, and the locking mechanism used today only protects concurrency across a given transmit queue...

CVE-2021-47587 net: systemport: Add global locking for descriptor lifecycle

In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, and the locking mechanism used today only protects concurrency across a given transmit queue...

Important: R

Issue Overview: Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end user's system...

New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models

The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning ML model exploitation technique" dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and distribute machine...

CVE-2024-4371 CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Unauthenticated PHP Object Injection

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recentlyviewedproducts cookie. This makes it...

CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More < 4.5 - Unauthenticated PHP Object Injection

Description The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recentlyviewedproducts cookie. Thi...

CVE-2024-5480

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2024-5480

A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution RCE. The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC Remote Procedure Call...

Remote code execution in pytorch lightning

A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

CVE-2024-5480

CVE-2024-5480 is a valid vulnerability describing a remote code execution in PyTorch’s torch.distributed.rpc framework prior to version 2.2.2. Red Hat’s entry details an RCE arising when a worker serializes and sends a PythonUDF to the master and the master deserializes/executes it without proper...

SUSE CVE-2024-27322

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end user's system when interacted...

RHEL 5 : java-1.4.2-ibm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - OpenJDK: InetSocketAddress serialization issue Networking, 7201071 CVE-2013-0433 - Oracle JDK 7: bypass o...

RHEL 8 : opendaylight (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jackson-databind: Serialization gadgets in classes of the ehcache package CVE-2019-17267 - A flaw was...

RHEL 6 : java-1.6.0-ibm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - OpenJDK: insufficient loader constraints checks for invokespecial Hotspot, 8180711 CVE-2017-10346 -...

PT-2025-2844 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to insufficient input validation in a component of the Android operating system framework. This could allow an attacker to elevate their privileges. There have been...

The vulnerability of the reqsk_queue_alloc() function in the Linux kernel-based TCP protocol implementation allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the reqskqueuealloc function in the net/core/requestsock.c module of the Linux kernel’s TCP protocol implementation is related to deficiencies in the serialization mechanism, leading to competitive access to resources. Exploiting this vulnerability could allow a remote attack...

The vulnerability of the pcie_aspm_pm_state_change() function in Qualcomm’s Linux-based PCIe device drivers allows a hacker to cause a service failure.

The vulnerability of the pcieaspmpmstatechange function in Qualcomm’s PCIe device drivers for Linux operating systems is related to incorrect resource serialization. Exploiting this vulnerability can allow attackers to cause service failures...

Fedora: Security Advisory for python-cbor2 (FEDORA-2024-0c9aaeb447)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Poc

This repository contains a collection of proof-of-concept PoC exploits and tools for various vulnerabilities. The primary focus is on Java-based exploits, with some Python scripts also present. The Java exploits target vulnerabilities in Java applications, including a deserialization vulnerabilit...

ROS-20240424-01

A vulnerability in the ImageIO component of Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service A vulnerability ...