453 matches found
log4j: Unsafe deserialization flaw in Chainsaw log viewer
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...
Apache Karaf code issue vulnerability (CNVD-2022-14707)
Apache Karaf is a lightweight OSGi-based Java dynamic modular system container from the Apache Foundation (United States), used to deploy applications and components. Apache Karaf suffers from a code issue vulnerability that stems from insecure input validation when handling serialized data,...
Apache Karaf Code Issue Vulnerability
Apache Karaf is a lightweight OSGi-based Java dynamic modular system container from the Apache Foundation (United States), used to deploy applications and components. Apache Karaf suffers from a code issue vulnerability that stems from insecure input validation when handling serialized data,...
Apache log4j JMSSink deserialization code execution vulnerability
Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache log4j JMSSink is vulnerable to code execution through deserialization. The vulnerability stems from insecure input validation when the program is processing serialized data. A remote attacker could exploit the...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4J-RCE-Proof-Of-Concept CVE-2021-44228 This is a proof o...
Apache ShardingSphere Code Issue Vulnerability (CNVD-2021-102824)
Apache ShardingSphere, an open source distributed database middleware solution from the Apache Foundation, has a security vulnerability in the Apache ShardingSphere UI that stems from insecure deserialization of serialized data received by the application from users, which could be exploited by a...
Design/Logic Flaw
Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory...
CVE-2021-42698 AzeoTech DAQFactory
Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory...
Emerson WirelessHART Gateway Input Validation Error Vulnerability
The Emerson WirelessHART Gateway is a wireless gateway from Emerson (USA). The Emerson WirelessHART Gateway suffers from an input validation error vulnerability that stems from insufficient input validation when processing serialized data. An attacker could exploit the vulnerability by sending...
Bridgecrew Checkov Code Issue Vulnerability
Bridgecrew Checkov is an open source static code analysis tool for infrastructure-as-code. Bridgecrew Checkov suffers from a code issue vulnerability that stems from insecure input validation when processing serialized data, which could allow a remote user to pass specially designed...
McAfee Security Vulnerability
McAfee Database Security Server is a database security software from McAfee (USA). The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A...
Information Disclosure
pwweb/laravel-core is vulnerable to information disclosure. The vulnerability exists due to the user password field being serialised and disclosed in plain form when requested in json or array form...
Qognify Ocularis EventCoordinator ConnectedChannel_GotMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized objects provided to the EventCoordinator endpoint. The issue...
Denial of Service Vulnerability in Weekly Shanghai App
Week to Shanghai app is a life service guide platform. A denial of service vulnerability exists in Zhou to Shanghai App, which can be exploited by an attacker to build malformed serialized Intent data to launch the app and cause the app to crash, posing information leakage and operational securit...