
4166 matches found

Amazon
added 2024/02/19 12:0 a.m. · 28 views

Medium: xstream

Issue Overview: Those using XStream to serialize XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...

7.5 CVSS · 7.1 AI score · 0.00258 EPSS
Exploits 1
OSV
added 2024/02/18 3:15 a.m. · 1 views

CVE-2023-52357

Vulnerability of serialization/deserialization mismatch in the vibration framework. Successful exploitation of this vulnerability may affect availability...

7.5 CVSS · 5.8 AI score · 0.00068 EPSS
Exploits 0 · References 2
Prion
added 2024/02/18 3:15 a.m. · 14 views

Design/Logic Flaw

Vulnerability of serialization/deserialization mismatch in the vibration framework. Successful exploitation of this vulnerability may affect availability...

7.3 AI score · 0.00068 EPSS
Exploits 0 · References 2
CVE
added 2024/02/18 2:56 a.m. · 93 views

CVE-2023-52357

Huawei HarmonyOS and Huawei EMUI contain a denial-of-service vulnerability in the vibration framework caused by a serialization/deserialization mismatch. The CNVD/CNNVD entries describe an availability impact, with exploitation likely local to the device. The NVD entry reiterates a serialization/...

7.5 CVSS · 6.7 AI score · 0.00068 EPSS
Exploits 0 · References 2 · Affected Software 2
Vulnrichment
added 2024/02/18 2:56 a.m. · 9 views

CVE-2023-52357

Vulnerability of serialization/deserialization mismatch in the vibration framework. Successful exploitation of this vulnerability may affect availability...

6.9 AI score · 0.00068 EPSS
Exploits 0 · References 2
Cvelist
added 2024/02/18 2:56 a.m. · 19 views

CVE-2023-52357

Vulnerability of serialization/deserialization mismatch in the vibration framework. Successful exploitation of this vulnerability may affect availability...

6.8 AI score · 0.00068 EPSS
Exploits 0 · References 2
CNNVD
added 2024/02/18 12:0 a.m. · 2 views

Huawei EMUI Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A denial of service vulnerability exists in Huawei...

7.5 CVSS · 6.4 AI score · 0.00068 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/02/17 12:0 a.m. · 4 views

PT-2024-14547 · Unknown · Vibration Framework

Name of the Vulnerable Software and Affected Versions: Vibration framework (affected versions not specified). Description: The issue is related to a serialization/deserialization mismatch in the vibration framework. Successful exploitation of this issue may affect availability. Recommendations: At t...

7.5 CVSS · 6.5 AI score · 0.00068 EPSS
Exploits 0 · References 8
Fedora
added 2024/02/14 1:13 a.m. · 9 views

[SECURITY] Fedora 38 Update: rust-versionize-0.2.0-2.fc38

A version tolerant serialization/deserialization framework...

9.8 CVSS · 7.3 AI score · 0.001 EPSS
Exploits 0
OpenVAS
added 2024/02/14 12:0 a.m. · 11 views

Fedora: Security Advisory for rust-versionize (FEDORA-2024-f2305d485f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

9.8 CVSS · 9.6 AI score · 0.001 EPSS
Exploits 0 · References 2
IBM Security Bulletins
added 2024/02/13 3:4 p.m. · 30 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to QOS.ch Sarl Logback denial of service vulnerability (CVE-2023-6378)

Summary: Potential QOS.ch Sarl Logback denial of service vulnerability (CVE-2023-6378) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2023-6378...

7.5 CVSS · 7.2 AI score · 0.0063 EPSS
Exploits 0 · Affected Software 1
Spring Engineering
added 2024/02/13 12:0 a.m. · 8 views

This Week in Spring - February 14th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! Friends, tomorrow is Valentine's day, and I love Spring. So, it's a very exciting thing indeed to be able to share this week's jam-packed roundup. Let's dive right into it! Spring Tools 4.21.1 is now available In the latest...

7.2 AI score
Exploits 0
RedHat Linux
added 2024/02/12 6:1 p.m. · 1 views

logback: A serialization vulnerability in logback receiver

A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption 'Resource Exhaustion' via the logback receiver component. This flaw allows an attacker to mount a denial-of-service attack by sending poisoned data...

7.5 CVSS · 7.1 AI score · 0.00224 EPSS
Exploits 0 · References 4
RedHat Linux
added 2024/02/12 6:1 p.m. · 68 views

Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 4.0.3 release security update

Red Hat Integration Camel for Spring Boot 4.0.3 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...

7.5 CVSS · 6.8 AI score · 0.0063 EPSS
Exploits 1 · References 4
RedHat Linux
added 2024/02/12 6:1 p.m. · 1 views

logback: serialization vulnerability in logback receiver

A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receiver component. By sending specially crafted poisoned data, a remote attacker can cause a denial of service condition...

7.5 CVSS · 7.2 AI score · 0.0063 EPSS
Exploits 0 · References 4
Fedora
added 2024/02/10 1:27 a.m. · 12 views

[SECURITY] Fedora 39 Update: rust-versionize-0.2.0-2.fc39

A version tolerant serialization/deserialization framework...

9.8 CVSS · 7.3 AI score · 0.001 EPSS
Exploits 0
OpenVAS
added 2024/02/10 12:0 a.m. · 9 views

Fedora: Security Advisory for rust-versionize (FEDORA-2024-04877592b7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

9.8 CVSS · 7.8 AI score · 0.001 EPSS
Exploits 0 · References 2
Wallarm Lab
added 2024/02/08 11:19 a.m. · 33 views

avro vs protobuf

A Kickoff Discussion on Core Aspects of Avro & Protobuf When deliberating on the subject of data structure encoding, a tandem of tools frequently emerges in technical discussions: Avro and Protobuf. Originating from a vision of precise data compression, the distinguishable features and applicatio...

6.9 AI score
Exploits 0
Wallarm Lab
added 2024/01/26 10:17 a.m. · 33 views

Protobuf vs JSON

A Beginners Guide to Understanding Protobuf & JSON When you dive into the sphere of data serialization, you're likely to encounter two dominant players - Protobuf, the colloquial term for Protocol Buffers, and JSON, standing for JavaScript Object Notation. Both of these formats carry distinctive...

6.8 AI score
Exploits 0
OSV
added 2024/01/24 3:30 p.m. · 21 views

GHSA-MG2X-MGGJ-6955 Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an...

6.5 CVSS · 6.2 AI score · 0.00064 EPSS
Exploits 0 · References 7