ASB-A-196970023
In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Exploit for Deserialization of Untrusted Data in Apache Storm
CVE-2021-40865 CVE-2021-40865 POC/exploit-poc java impo...
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource...
The vulnerability of the Xstream Java library for converting objects into XML or JSON formats allows a hacker to cause a service failure due to uncontrolled resource consumption.
The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to an uncontrolled resource consumption. Exploiting this vulnerability may allow a malicious actor to cause a service failure by consuming excessive resources on the central processor...
The vulnerability of the Xstream Java library for converting objects into XML or JSON formats allows attackers to download files of dangerous types indefinitely. This enables attackers to upload and execute arbitrary code from a remote host.
The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability could allow an attacker to download and execute arbitrary code from a remote host by...
[SECURITY] [DSA 5004-1] libxstream-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5004-1 [email protected] https://www.debian.org/security/ Markus Koschany November 10, 2021 https://www.debian.org/security/faq -...
Exploit for Deserialization of Untrusted Data in Flask-Caching_Project Flask-Caching
CVE-2021-33026 Pickle Serialization Remote Code Execution - Me...
CVE-2021-42698
Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory...
CVE-2021-42698
CVE-2021-42698 affects DAQFactory (all versions 18.1 Build 2347 and earlier). The vulnerability arises from deserialization of project files stored as binary memory objects, allowing memory corruption if a crafted file is opened. ICSA-21-308-02 notes the issue exists in the Deserialization of Unt...
ASB-A-195962697
In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
openSUSE 15 Security Update : xstream (openSUSE-SU-2021:1401-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1401-1 advisory. - XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attack...
[SECURITY] Fedora 35 Update: xstream-1.4.18-2.fc35
XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...
SolarWinds Patch Manager WSAsyncExecuteTasks Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Patch Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the WSAsyncExecuteTasks endpoint. The issue results from the lack of proper...
Huawei EulerOS: Security Advisory for usbredir (EulerOS-SA-2021-2621)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 7 : xstream (ELSA-2021-3956)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3956 advisory. - Resolves: CVE-2021-39148 - Resolves: CVE-2021-39139 - Resolves: CVE-2021-39140 - Resolves: CVE-2021-39141 - Resolves: CVE-2021-39144 - Resolves:...
Important: Red Hat Security Advisory: xstream security update
An update for xstream is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Fedora: Security Advisory for xstream (FEDORA-2021-d894ca87dc)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
abomonation transmutes &T to and from &[u8] without sufficient constraints
This transmute is at the core of the abomonation crates. It's so easy to use it to violate alignment requirements that no test in the crate's test suite passes under miri. The use of this transmute in serialization/deserialization also incorrectly assumes that the layout of a repr(Rust) type is...
RUSTSEC-2021-0120 abomonation transmutes &T to and from &[u8] without sufficient constraints
This transmute is at the core of the abomonation crates. It's so easy to use it to violate alignment requirements that no test in the crate's test suite passes under miri. The use of this transmute in serialization/deserialization also incorrectly assumes that the layout of a repr(Rust) type is...
[SECURITY] Fedora 33 Update: xstream-1.4.18-2.fc33
XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...