4170 matches found
CVE-2017-15415
Removed by vendor...
CVE-2017-15415
Google Chrome IPC Pointer Information Disclosure vulnerability (CVE-2017-15415) stems from incorrect serialization in the IPC component, allowing a remote attacker to leak a pointer value via a crafted HTML page on affected builds prior to 63.0.3239.84. Public descriptions in CNVD-2018-22403 corr...
CVE-2018-1000224
Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in DeSerialization functions core/io/marshalls.cpp that can result in DoS packet of...
CVE-2018-1000224
Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in DeSerialization functions core/io/marshalls.cpp that can result in DoS packet of...
Integer overflow
Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in DeSerialization functions core/io/marshalls.cpp that can result in DoS packet of...
CVE-2018-1000224
The CVE-2018-1000224 issue affects Godot Engine: vulnerable in (De)Serialization paths in core/io/marshalls.cpp across all versions earlier than 2.1.5 and 3.0 before 3.0.6. It exposes a Signed/unsigned comparison, wrong buffer size checks, integer overflow, and missing padding initialization, ena...
CVE-2018-1000224
Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in DeSerialization functions core/io/marshalls.cpp that can result in DoS packet of...
CVE-2018-1000224
Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in DeSerialization functions core/io/marshalls.cpp that can result in DoS packet of...
php new exploit techniques—phar://-bug warning-the black bar safety net
Last week, in the United States the BlackHat conference to announce a for the PHP application to the new exploit. You can be in this article to understand it. Summary From Secarma security researcher Sam Thomas discovered a new exploit way, you can not use the php function unserializeis the...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale (CVE-2015-4843, CVE-2015-4805, CVE-2015-4810, CVE-2015-4806, CVE-2015-4871, CVE-2015-4902)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that is used by the IBM Spectrum Scale GUI. These issues were disclosed as part of the IBM Java SDK updates for October 2015. Vulnerability Details CVEID: CVE-2015-4843 DESCRIPTION: An unspecified...
Apache Ignite Arbitrary Code Execution Vulnerability (CNVD-2018-15540)
Apache Ignite is the United States Apache Apache Software Foundation's set of high-performance, integrated and distributed for large-scale data set processing in-memory computing and transaction management platform. An arbitrary code execution vulnerability exists in Apache Ignite 2.5 and earlier...
CVE-2018-8018
In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be...
CVE-2018-8018
In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be...
CVE-2018-8018
Impacted component: Apache Ignite. Affected versions include before 2.4.8 and 2.5.x before 2.5.3, where the serialization mechanism does not maintain a whitelist of allowed classes. Root cause: grids deserializing untrusted data via GridClientJdkMarshaller without a restricted class list, enablin...
Code Execution through IIFE in node-serialize
Affected versions of node-serialize can be abused to execute arbitrary code via an immediately invoked function expression IIFE if untrusted user input is passed into unserialize. Recommendation There is no direct patch for this issue. The package author has reviewed this advisory, and provided t...
GHSA-MM62-WXC8-CF7M Code Execution Through IIFE in serialize-to-js
Affected versions of serialize-to-js may be vulnerable to arbitrary code execution through an Immediately Invoked Function Expression IIFE. Proof of Concept js var payload = "e: function eval'console.logexploited' " var serialize = require'serialize-to-js'; serialize.deserializepayload;...
CVE-2016-9498
ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application...
Important: Red Hat Security Advisory: Red Hat Decision Manager 7.0.1 bug fix and security update
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...
RHEL 7 : Red Hat JBoss Enterprise Application Platform (RHSA-2018:2089)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2089 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...
RHEL 6 : Red Hat JBoss Enterprise Application Platform (RHSA-2018:2090)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2090 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...