CVE-2023-39395
Technical details about CVE-2023-39395 are not publicly available in the provided documents. Monitor for official advisories; current descriptions only indicate a serialization mismatch potentially affecting availability, with no concrete affected products or remediation details disclosed here.
CVE-2023-39395
Mismatch vulnerability in the serialization process in the communication system. Successful exploitation of this vulnerability may affect availability...
PT-2023-26923 · Huawei · Emui +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a mismatch vulnerability in the serialization process within the communication system. Successful exploitation of this...
PT-2023-4337 · Inductive Automation · Inductive Automation Ignition
Name of the Vulnerable Software and Affected Versions: Inductive Automation Ignition (affected versions not specified). Description: The issue is related to errors in data serialization within the JavaSerializationCodec class of Inductive Automation Ignition. This allows remote attackers to execute...
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization...
AlmaLinux 9 : java-1.8.0-openjdk (ALSA-2023:0210)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0210 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are...
RHEL 9 : Red Hat JBoss Enterprise Application Platform (RHSA-2023:4507)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4507 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
CVE-2023-20862
A flaw was found in Spring Security. In affected versions of Spring Security, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. Th...
org.apache.nifi.minifi:minifi-assembly (=1.22.0), org.apache.nifi:nifi-record-serialization-services-nar (>=1.10.0 <=1.22.0) +6 more potentially affected by CVE-2023-36542 via org.apache.nifi:nifi-record-serialization-services (>=1.10.0 <=1.22.0)
org.apache.nifi:nifi-record-serialization-services MAVEN version =1.10.0, =1.10.0, =0.2.2, =0.2.2, =0.2.2, =0.2.2, =0.2.3 Source cves: CVE-2023-36542 Source advisory: OSV:GHSA-R969-8V3H-23V9...
Cross-Site Scripting (XSS)
typo3/html-sanitizer is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists because a malicious text embedded in a noscript element was not encoded appropriately due to a serialization layer encoding bug, which allows an attacker to inject and execute arbitrary JavaScript when noscri...
CVE-2023-38500
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious...
Cross site scripting
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious...
CVE-2023-38500 By-passing Cross-Site Scripting Protection in HTML Sanitizer
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious...
By-passing Cross-Site Scripting Protection in HTML Sanitizer
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (4.4). Problem: Due to an encoding issue in the serialization layer, malicious markup nested in a noscript element was not encoded correctly. noscript is disabled in the default configuration, but might have been enabled in custom...
K000135555: Java vulnerabilities CVE-2020-2756 and CVE-2020-2757
Security Advisory Description. CVE-2020-2756: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows...
F5 Networks BIG-IP : Java vulnerabilities (K000135555)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K000135555 advisory. CVE-2020-2756: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serializatio...
Security Bulletin: Vulnerability in Google gson 2.2.4 libraries (CVE-2022-25647) affects IBM Operations Analytics Predictive Insights
Summary: IBM Operations Analytics Predictive Insights uses Google gson libraries for serialization/deserialization of objects in REST mediation service. A security vulnerability in versions prior to gson 2.8.9 could be exploited to compromise Operations Analytics Predictive Insights services...