UBUNTU-CVE-2023-51651
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK f...
GHSA-5M22-CFQ9-86X6 Pickle serialization vulnerable to Deserialization of Untrusted Data
What: We are using pickle as default serialization module but that has known security issues, see e.g. https://medium.com/ochrona/python-pickle-is-notoriously-insecure-d6651f1974c9. In summary, it is not advisable to open Pickles that you create yourself locally. In vantage6, algorithms use pickles...
Fedora: Security Advisory for rust-pythonize (FEDORA-2023-c0696d7b53)
The remote host is missing an update for the...
[SECURITY] Fedora 37 Update: rust-pythonize-0.19.0-1.fc37
Serde Serializer & Deserializer from Rust <--> Python, backed by PyO3...
PT-2023-11602 · Unknown +1 · Oggvideotools +1
Name of the Vulnerable Software and Affected Versions: oggvideotools version 0.9.1. Description: A Segmentation Fault issue was discovered in the StreamSerializer::extractStreams function in streamSerializer.cpp, allowing remote attackers to cause a denial of service crash via the opening of a...
The vulnerability of the CreateSerializerSettings() function in the JSON Serializer component allows a hacker to trigger a service failure. This vulnerability is related to the C# language protocol implemented by the language server.
The vulnerability of the CreateSerializerSettings function in the JSON Serializer component is related to the implementation of the C# language server protocol. This vulnerability leads to uncontrolled resource consumption. Exploiting this vulnerability allows a malicious actor to cause service...
CVE-2022-4952
A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. This vulnerability affects the function CreateSerializerSettings of the file src/JsonRpc/Serialization/SerializerBase.cs of the component JSON Serializer. The manipulation leads...
Information disclosure
A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. This vulnerability affects the function CreateSerializerSettings of the file src/JsonRpc/Serialization/SerializerBase.cs of the component JSON Serializer. The manipulation leads...
CVE-2022-4952 OmniSharp csharp-language-server-protocol JSON Serializer SerializerBase.cs CreateSerializerSettings resource consumption
A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. This vulnerability affects the function CreateSerializerSettings of the file src/JsonRpc/Serialization/SerializerBase.cs of the component JSON Serializer. The manipulation leads...
CVE-2022-4952
CVE-2022-4952 affects OmniSharp csharp-language-server-protocol up to 0.19.6. The vulnerability lies in the JSON Serializer’s CreateSerializerSettings function (SerializerBase.cs), where manipulation leads to resource consumption and potential denial of service. A fix is available in version 0.19...
OmniSharp csharp-language-server-protocol Resource Management Error Vulnerability
OmniSharp csharp-language-server-protocol is the C# language server protocol for OmniSharp. A resource management error vulnerability exists in OmniSharp csharp-language-server-protocol prior to version 0.19.7, which stems from the file src/JsonRpc/Serialization/SerializerBase.cs where the The...
Memory corruption
Memory corruption in Audio while processing svamodelserializer using memory size passed by HIDL client...
Qualcomm Chipsets Buffer Error Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated (USA). A security vulnerability exists in Qualcomm Chipsets that stems from a memory corruption issue in Audio when using memory passed by the HIDL client for the svamodelserializer...
PT-2023-18302 · Audio · Audio
Name of the Vulnerable Software and Affected Versions: Audio (affected versions not specified). Description: The issue is related to memory corruption in the Audio component when processing sva model serializer using a memory size passed by the HIDL client. Recommendations: At the moment, there is n...
Debian: Security Advisory (DSA-2089-1)
The remote host is missing an update for the Debian...
SUSE CVE-2010-3065
The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name...
SUSE CVE-2013-0753
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before...
SUSE CVE-2015-6790
The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as...
SUSE CVE-2019-17005
The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...