
103 matches found

CVE
added 2024/04/09 12:0 a.m. · 7814 views

CVE-2024-30687

CVE-2024-30687 has been withdrawn; multiple sources (NVD, CNNVD, CVE List) state: “DO NOT USE THIS CANDIDATE NUMBER. This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability.” Consequently, there is ...

6.7 AI score
Exploits 0

Wallarm Lab
added 2024/02/08 11:19 a.m. · 35 views

avro vs protobuf

A Kickoff Discussion on Core Aspects of Avro & Protobuf. When deliberating on the subject of data structure encoding, a tandem of tools frequently emerges in technical discussions: Avro and Protobuf. Originating from a vision of precise data compression, the distinguishable features and applicatio...

6.9 AI score
Exploits 0

Wallarm Lab
added 2024/01/26 10:17 a.m. · 34 views

Protobuf vs JSON

A Beginner's Guide to Understanding Protobuf & JSON. When you dive into the sphere of data serialization, you're likely to encounter two dominant players - Protobuf, the colloquial term for Protocol Buffers, and JSON, standing for JavaScript Object Notation. Both of these formats carry distinctive...

6.8 AI score
Exploits 0

PyPA
added 2023/10/11 6:15 p.m. · 4 views

PYSEC-2023-196

vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issues, as the default serialization module. All users of vantage6 that post tasks with the default serialization are affected. Version...

7.2 CVSS · 6.8 AI score · 0.00892 EPSS
Exploits 1 · References 5 · Affected Software 1

CVE
added 2023/09/11 7:46 p.m. · 47 views

CVE-2023-4314

The wpDataTables WordPress plugin prior to version 2.1.66 fails to validate the input for the Serialized PHP array before deserialization, enabling an admin-assisted PHP object injection that may lead to remote code execution if a gadget chain exists. Affected software: wpDataTables

7.2 CVSS · 7.5 AI score · 0.01262 EPSS
Exploits 2 · References 1 · Affected Software 1

BDU FSTEC
added 2023/08/15 12:0 a.m. · 5 views

The vulnerability of the JavaSerializationCodec class in the SCADA system of Inductive Automation Ignition allows a perpetrator to execute arbitrary code with privileges of SYSTEM.

The vulnerability of the JavaSerializationCodec class in the SCADA system of Inductive Automation Ignition is related to errors during data serialization. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code with SYSTEM privileges...

10 CVSS · 8.2 AI score · 0.01784 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/08/08 12:0 a.m. · 3 views

PT-2023-4337 · Inductive Automation · Inductive Automation Ignition

Name of the Vulnerable Software and Affected Versions: Inductive Automation Ignition (affected versions not specified). Description: The issue is related to errors in data serialization within the JavaSerializationCodec class of Inductive Automation Ignition. This allows remote attackers to execute...

9.8 CVSS · 9.6 AI score · 0.01784 EPSS
Exploits 0 · References 15

Redos
added 2023/06/19 12:0 a.m. · 21 views

ROS-20230619-06

A vulnerability in the protobuf-c data serialization protocol is related to an integer overflow in the function parse_required_member. Exploitation of the vulnerability could allow an attacker acting remotely to cause a complete compromise of the vulnerable system...

5.5 CVSS · 6.2 AI score · 0.00366 EPSS
Exploits 0

RedHat Linux
added 2023/05/03 2:5 p.m. · 3 views

xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks

A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization...

7.5 CVSS · 7.3 AI score · 0.00993 EPSS
Exploits 1 · References 4

Exploit DB
added 2023/03/25 12:0 a.m. · 243 views

NVFLARE < 2.1.4 - Unsafe Deserialization due to Pickle

Exploit Title: NVFLARE 2.1.4 - Unsafe Deserialization due to Pickle Exploit Author: Elias Hohl Google Dork: N/A Date: 2022-06-21 Vendor Homepage: https://www.nvidia.com Software Link: https://github.com/NVIDIA/NVFlare Version: 2.1.4 Tested on: Ubuntu 20.04 CVE : CVE-2022-34668...

9.8 CVSS · 7 AI score · 0.08228 EPSS
Exploits 3

Spring Security Advisories
added 2022/11/10 8:0 a.m. · 16 views

Updates on Spring Cloud Stream 4.0.0 Schema Registry Support

This blog gives an update on the Schema Registry support that is part of Spring Cloud Stream version 4.0.x. Many enterprises use a schema registry for schema evolution use cases, such as the Confluent Schema Registry. Starting with version 1.1.x of Spring Cloud Stream until 3.0.0, we provided a...

0.8 AI score
Exploits 0

Prion
added 2022/10/17 4:15 p.m. · 16 views

Information disclosure

Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache...

4 CVSS · 6.2 AI score · 0.00723 EPSS
Exploits 0 · References 2 · Affected Software 1

Fedora
added 2022/07/04 1:35 a.m. · 26 views

[SECURITY] Fedora 36 Update: golang-github-googleapis-gnostic-0.5.3-6.fc36

This package contains a Go command line tool which converts JSON and YAML OpenAPI descriptions to and from equivalent Protocol Buffer representations. Protocol Buffers provide a language-neutral, platform-neutral, extensible mechanism for serializing structured data. gnostic's Protocol Buffer...

9.3 CVSS · 8 AI score · 0.05994 EPSS
Exploits 4

CNNVD
added 2022/05/21 12:0 a.m. · 3 views

RegionProtect Parameter Injection Vulnerability

RegionProtect is a plugin. A security vulnerability exists in versions of RegionProtect prior to 1.1.0, which stems from a YAML injection issue in the application. An attacker can exploit the vulnerability by passing mismatched parameters to achieve denial of service attacks...

7.5 CVSS · 7.4 AI score · 0.01092 EPSS
Exploits 0 · References 3

Fedora
added 2022/05/07 5:6 a.m. · 30 views

[SECURITY] Fedora 36 Update: golang-github-googleapis-gnostic-0.5.3-5.fc36

This package contains a Go command line tool which converts JSON and YAML OpenAPI descriptions to and from equivalent Protocol Buffer representations. Protocol Buffers provide a language-neutral, platform-neutral, extensible mechanism for serializing structured data. gnostic's Protocol Buffer...

7.5 CVSS · 9.1 AI score · 0.03931 EPSS
Exploits 0

Fedora
added 2022/02/16 1:28 a.m. · 40 views

[SECURITY] Fedora 35 Update: protobuf-3.14.0-7.fc35

Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...

6.5 CVSS · 6.6 AI score · 0.0266 EPSS
Exploits 0

CNVD
added 2022/01/08 12:0 a.m. · 29 views

Apache Avro Resource Management Error Vulnerability

Apache Avro is a data serialization system from the Apache Foundation, Inc. A resource management error vulnerability exists in Apache Avro, which stems from the product's .net SDK component not effectively limiting the amount of allocated resources. An attacker could allocate too many resources ...

7.5 CVSS · 3.8 AI score · 0.0296 EPSS
Exploits 0 · References 1

OSV
added 2021/05/10 2:19 p.m. · 6 views

USN-4940-1 pyyaml vulnerability

It was discovered that PyYAML incorrectly handled untrusted YAML files with the FullLoader loader. A remote attacker could possibly use this issue to execute arbitrary code...

10 CVSS · 7.3 AI score · 0.05984 EPSS
Exploits 0 · References 2

Fedora
added 2021/01/23 1:32 a.m. · 84 views

[SECURITY] Fedora 33 Update: PyYAML-5.4.1-1.fc33

YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...

10 CVSS · 9 AI score · 0.05984 EPSS
Exploits 0

Veeam
added 2020/04/15 12:0 a.m. · 21 views

Veeam ONE Remote Code Execution Vulnerabilities

Challenge: Vulnerabilities in Veeam ONE Agent components residing on Veeam ONE and Veeam Backup & Replication servers allow executing malicious code remotely without authentication. This may lead to gaining control over the target system. Severity: critical. CVSS v3 score: 9.8. Cause: Veeam ONE Age...

9.8 CVSS · 9.7 AI score · 0.86619 EPSS
Exploits 4