DevExpress Security Vulnerability
DevExpress is a suite of UI controls, tools and frameworks from the American company DevExpress, Inc. for WinForms, ASP.NET, MVC, Blazor, ASP.NET Core, WPF, VCL, Xamarin and JavaScript. A security vulnerability exists in DevExpress versions prior to 23.1.3 that stems...
CVE-2023-35814
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms...
Adobe ColdFusion Code Issue Vulnerability
Adobe ColdFusion is a rapid application development platform from the American company Adobe. Adobe ColdFusion suffers from a deserialization vulnerability, which occurs because the program does not strictly validate externally supplied serialized data before processing it. The...
WordPress Modal 1.5.8 Code Execution / Denial of Service
WordPress Modal plugin versions 1.5.8 and below suffer from remote code execution and denial of service vulnerabilities due to unsafe deserialization. Exploit Title: Wordpress Modal Popup Box Plugin - Multiple Vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2016-7417
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allo...
CVE-2023-34398
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archives in the Boost library format. The Boost library contains a null pointer dereference vulnerability...
SUSE CVE-2024-11831
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...
GHSA-CG28-V4WQ-WHV5 Withdrawn Advisory: Symfony's VarDumper vulnerable to unsafe deserialization
Withdrawn Advisory This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5048. Original Description A deserialization vulnerability exists in the Stub clas...
CVE-2024-36610
CVE-2024-36610 is associated with Symfony’s VarDumper deserialization issue in the Stub class, reportedly allowing crafted serialized data to trigger code execution. The primary public entries treat the candidate as withdrawn/invalid (e.g., advisories and sources noting withdrawal or removal). A ...
log4j: Unsafe deserialization flaw in Chainsaw log viewer
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...
K000141270: PHP vulnerabilities CVE-2016-7411, CVE-2016-9138, CVE-2016-9137, CVE-2016-4541, and CVE-2016-4540
Security Advisory Description: CVE-2016-7411 ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that referenc...
serialized-data-interface (=0.5.0) potentially affected by CVE-2024-41129 via ops (=2.0.0)
ops PYPI version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on ops and may be impacted: - serialized-data-interface =0.5.0 Source cves: CVE-2024-41129 Source advisory: OSV:GHSA-HCMV-JMQH-FJGM...
Deserialization Of Untrusted Data
mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused due to improper handling of serialized data in the loadpyfunc function within mlflow/pyfunc/model.py. This flaw allows an attacker to inject a malicious pickle object into a PyFunc model file, which results in...
CVE-2024-34274
OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies bdglobals and bdclientspot of the OpenBD software use serialized data, which can be used to execute arbitrary code on the system. NOTE: This vulnerability only affects products that are no longer...
VulnCheck KEV: CVE-2016-4326
The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie...
GPT Academic Code Execution Vulnerability
GPT Academic is an interface that provides practical interactions with large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a code execution vulnerability that arises from unsafe deserialization of serialized data received by the application from a user, which can be exploited by an...