Lucene search

4220 matches found

OSV
added 2022/12/20 9:15 p.m. | 1 views

CVE-2022-41596

The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components...

7.5 CVSS | 5.8 AI score | 0.00208 EPSS
Exploits: 0 | References: 2

NVD
added 2022/12/20 9:15 p.m. | 13 views

CVE-2022-41596

The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components...

7.5 CVSS | 0.00208 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2022/12/20 12:0 a.m. | 4 views

CVE-2022-41596

The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components...

7.5 AI score | 0.00208 EPSS
Exploits: 0 | References: 2

Cvelist
added 2022/12/20 12:0 a.m. | 17 views

CVE-2022-41596

The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components...

7.7 AI score | 0.00208 EPSS
Exploits: 0 | References: 2

CVE
added 2022/12/20 12:0 a.m. | 61 views

CVE-2022-41596

CVE-2022-41596 affects Huawei HarmonyOS (System Tools) with a serialization/deserialization inconsistency in the System Tools class. The vulnerability enables unauthorized startup of components due to improper handling of serialized data, as described across multiple sources. Public details in th...

7.5 CVSS | 7.5 AI score | 0.00208 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Fedora
added 2022/12/18 1:43 a.m. | 59 views

[SECURITY] Fedora 37 Update: protobuf-3.19.6-1.fc37

Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...

7.5 CVSS | 6.8 AI score | 0.00171 EPSS
Exploits: 0

CNNVD
added 2022/12/12 12:0 a.m. | 2 views

WordPress plugin Phlox code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

8.8 CVSS | 8 AI score | 0.00796 EPSS
Exploits: 0 | References: 2

OSV
added 2022/12/08 5:57 p.m. | 0 views

USN-5769-1 protobuf vulnerabilities

It was discovered that protobuf did not properly manage memory when serializing large messages. An attacker could possibly use this issue to cause applications using protobuf to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2015-5237 It was discovered that...

8.8 CVSS | 6.8 AI score | 0.00763 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2022/12/05 10:15 p.m. | 3 views

CVE-2022-32224

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...

9.8 CVSS | 6.6 AI score | 0.01944 EPSS
Exploits: 1 | References: 3

Prion
added 2022/12/05 10:15 p.m. | 21 views

SQL injection

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...

7.5 CVSS | 9.6 AI score | 0.01944 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2022/12/05 12:0 a.m. | 1 views

Huawei HarmonyOS code issue vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a serialization and deserialization inconsistency vulnerability in the System Tools cla...

7.5 CVSS | 7.5 AI score | 0.00208 EPSS
Exploits: 0 | References: 4

CNVD
added 2022/12/01 12:0 a.m. | 25 views

QEMU Buffer Overflow Vulnerability (CNVD-2022-84156)

QEMU (Quick Emulator) is processor emulation software by Fabrice Bellard, a French independent developer. The software is fast and cross-platform. QEMU suffers from a buffer overflow vulnerability that stems from a lack of validation of the input data size or length in the read_erst_record and...

6.5 CVSS | 3.5 AI score | 0.00034 EPSS
Exploits: 1 | References: 1

OSV
added 2022/11/29 6:15 p.m. | 1 views

UBUNTU-CVE-2022-4172

Integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record and write_erst_record functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could...

6.5 CVSS | 7.1 AI score | 0.00034 EPSS
Exploits: 1 | References: 5

Vulnrichment
added 2022/11/29 12:0 a.m. | 3 views

CVE-2022-4172

Integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record and write_erst_record functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could...

6.7 AI score | 0.00034 EPSS
Exploits: 1 | References: 5

RedhatCVE
added 2022/11/28 8:56 p.m. | 35 views

CVE-2022-4172

Integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record and write_erst_record functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could...

6 CVSS | 7.4 AI score | 0.00034 EPSS
Exploits: 1 | References: 3

IBM Security Bulletins
added 2022/11/14 4:23 p.m. | 45 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary: There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 7, 7.1, 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2022-21299. DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an...

5.9 CVSS | 6.2 AI score | 0.05612 EPSS
Exploits: 0 | Affected Software: 2

Spring Engineering
added 2022/11/10 8:0 a.m. | 15 views

Updates on Spring Cloud Stream 4.0.0 Schema Registry Support

This blog gives an update on the Schema Registry support that is part of Spring Cloud Stream version 4.0.x. Many enterprises use a schema registry for schema evolution use cases, such as the Confluent Schema Registry. Starting with version 1.1.x of Spring Cloud Stream until 3.0.0, we provided a...

0.8 AI score
Exploits: 0

CNNVD
added 2022/11/10 12:0 a.m. | 1 views

Msgpack security vulnerability

Msgpack is an open source, efficient binary serialization format. It lets you exchange data among multiple languages, like JSON, but it's faster and smaller. Small integers are encoded as one byte, and typical short strings require only one extra byte in addition to the string itself...

7.5 CVSS | 7.3 AI score | 0.00528 EPSS
Exploits: 1 | References: 5

NVD
added 2022/11/09 9:15 p.m. | 13 views

CVE-2022-44559

The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation...

9.8 CVSS | 0.00801 EPSS
Exploits: 0 | References: 2

NVD
added 2022/11/09 9:15 p.m. | 13 views

CVE-2022-44562

The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation...

9.8 CVSS | 0.00801 EPSS
Exploits: 0 | References: 2