CVE-2020-11112

CVE-2020-11112 affects FasterXML jackson-databind 2.x before 2.9.10.4, where serialization gadgets and typing interaction is mishandled (related to org.apache.commons.proxy.provider.remoting.RmiProvider). This is a deserialization issue that could enable malicious payload execution; affected prod...

CVE-2020-11112

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider aka apache/commons-proxy...

CVE-2020-11112

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider aka apache/commons-proxy...

CVE-2020-11113

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime aka openjpa...

CVE-2020-11113

CVE-2020-11113 is a deserialization vulnerability in FasterXML jackson-databind (2.x before 2.9.10.4) tied to typing gadget interactions (notably related to org.apache.openjpa.ee.WASRegistryManagedRuntime). The connected documents corroborate an exploit path via unsafe deserialization leading to ...

CVE-2020-11113

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime aka openjpa...

CVE-2020-11113

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime aka openjpa...

Unspecified Vulnerability in USC iLab cereal

USC iLab cereal is a C++ library for serialization. A security vulnerability exists in USC iLab cereal version 1.3.0 and earlier, which stems from the inability of a serialized 'std::sharedptr' variable to be serialized back to its original value. No details of the vulnerability are provided at...

USC iLab cereal buffer overflow vulnerability

USC iLab cereal is a C++ library for serialization. A security vulnerability exists in USC iLab cereal version 1.3.0 and earlier. An attacker can exploit the vulnerability to obtain sensitive information memory layout or private key...

PT-2020-10891 · Mongodb · Js-Bson

Name of the Vulnerable Software and Affected Versions: js-bson library version 1.1.3 and prior Description: The issue is caused by incorrect parsing of certain JSON input, which may result in js-bson not correctly serializing BSON. This can cause unexpected application behavior, including data...

CVE-2020-11105

An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::sharedptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::sharedptr variable goes out of scope and is freed, and a new std::sharedptr is allocated at the same...

CVE-2020-11105

An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::sharedptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::sharedptr variable goes out of scope and is freed, and a new std::sharedptr is allocated at the same...

CVE-2020-11104

An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an initialized C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information such as memory layout or private keys can be gleaned if...

CVE-2020-11104

An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an initialized C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information such as memory layout or private keys can be gleaned if...

Design/Logic Flaw

An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::sharedptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::sharedptr variable goes out of scope and is freed, and a new std::sharedptr is allocated at the same...

CVE-2020-11105

An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::sharedptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::sharedptr variable goes out of scope and is freed, and a new std::sharedptr is allocated at the same...

Stack overflow

An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an initialized C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information such as memory layout or private keys can be gleaned if...

CVE-2020-11104

CVE-2020-11104 affects USC iLab cereal up to version 1.3.0. Its serialization of an initialized long double into BinaryArchive/PortableBinaryArchive leaks several bytes of stack/heap memory, enabling leakage of sensitive information (memory layout or private keys) if the archive is distributed in...

CVE-2020-11104

An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an initialized C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information such as memory layout or private keys can be gleaned if...

CVE-2020-11105

CVE-2020-11105 affects USC iLab cereal up to version 1.3.0, where serialization fidelity of std::shared_ptrs can be broken because the library caches shared_ptr raw addresses as identifiers. When a shared_ptr goes out of scope and a new one is allocated at the same address, serialized values may ...