4172 matches found
Improper Check For Unusual Or Exceptional Conditions
Electron is vulnerable to Improper Check For Unusual Or Exceptional Conditions. The vulnerability is caused by not implementing error handling correctly in case of an API exposed to the main world via contextBridge returning an object or array that contains a JS object which cannot be serialized...
Important: java-1.8.0-openjdk
Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access vi...
CVE-2023-29198
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach...
Design/Logic Flaw
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach...
Electron context isolation bypass via nested unserializable return value
Impact Apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Workarounds This issue is exploitable under eithe...
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...
Security Bulletin: IBM Java Runtime (JRE) security vulnerabilities CVE-2023-21830, CVE-2023-21843 in FileNet Content Manager
Summary Security Bulletin: IBM Java Runtime JRE security vulnerabilities CVE-2023-21830, CVE-2023-21843 in FileNet Content Manager, affected, but not vulnerable Vulnerability Details CVEID:CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component...
FreeBSD : py-flask-caching -- remote code execution or local privilege escalation vulnerabilities (692a5fd5-bb25-4df4-8a0e-eb91581f2531)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 692a5fd5-bb25-4df4-8a0e-eb91581f2531 advisory. - DISPUTED The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, whi...
Deserialization Of Untrusted Data
org.springframework.kafka, spring-kafka is vulnerable to Deserialization Of Untrusted Data. The vulnerability is caused by not setting ErrorHandlingDeserializer when checkDeserExWhenKeyNull or checkDeserExWhenValueNull container properties are set to true. An attacker can construct a malicious...
Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2023-1809)
The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.252.b09-2.51. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1809 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting...
PT-2023-6951 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to a deserialization flaw in the Microsoft Exchange Server, specifically with the SerializationTypeConverter class, which can be exploited due to...
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...
PT-2023-6952 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to a deserialization mechanism weakness in Microsoft Exchange Server, specifically with the SerializationTypeConverter class, which can lead to...
GHSA-W5VR-6QHR-36CC `ed25519-dalek` Double Public Key Signing Function Oracle Attack
Versions of ed25519-dalek prior to v2.0 model private and public keys as separate types which can be assembled into a Keypair, and also provide APIs for serializing and deserializing 64-byte private/public keypairs. Such APIs and serializations are inherently unsafe as the public key is one of th...
`ed25519-dalek` Double Public Key Signing Function Oracle Attack
Versions of ed25519-dalek prior to v2.0 model private and public keys as separate types which can be assembled into a Keypair, and also provide APIs for serializing and deserializing 64-byte private/public keypairs. Such APIs and serializations are inherently unsafe as the public key is one of th...
CVE-2023-39395
Mismatch vulnerability in the serialization process in the communication system. Successful exploitation of this vulnerability may affect availability...
CVE-2023-39395
Mismatch vulnerability in the serialization process in the communication system. Successful exploitation of this vulnerability may affect availability...
Code injection
Mismatch vulnerability in the serialization process in the communication system. Successful exploitation of this vulnerability may affect availability...