CVE-2020-22083

jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...

Deserialization of untrusted data

jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...

PYSEC-2020-49

DISPUTED jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must no...

UBUNTU-CVE-2020-22083

DISPUTED jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must no...

CVE-2020-22083

jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...

CVE-2016-11034

An issue was discovered on Samsung mobile devices with L5.0/5.1 and M6.0 software. The decode function in Qjpeg in Qt 5.7 allows attackers to trigger a system crash via a malformed image. The Samsung ID is SVE-2016-6560 October 2016...

Code injection

An issue was discovered on Samsung mobile devices with L5.0/5.1 and M6.0 software. The decode function in Qjpeg in Qt 5.7 allows attackers to trigger a system crash via a malformed image. The Samsung ID is SVE-2016-6560 October 2016...

HDF5 Buffer Overflow Vulnerability (CNVD-2020-21017)

HDF5 is a suite of tools for managing and storing different types of data. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A buffer overflow vulnerability exists in the 'H5Olayoutdecode' function of the H5Olayout.c file in HDF5...

CVE-2013-1753

The gzipdecode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service memory consumption via a crafted HTTP request...

UBUNTU-CVE-2015-8011

Buffer overflow in the lldpdecode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service daemon crash and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries...

Denial Of Service (DoS)

hashids is vulnerable to denial of service DoS. The vulnerability exists in the decode function in Hashids class whereby a remote attacker is able to produce an infinite loop that could lead to an application crash by submitting certain string of characters...

XORpass - Encoder To Bypass WAF Filters Using XOR Operations

XORpass is an encoder to bypass WAF filters using XOR operations. Installation & Usage git clone https://github.com/devploit/XORpass cd XORpass $ php encode.php STRING $ php decode.php "XORed STRING" Example of bypass: Using clear PHP function: Using XOR bypass of that function: $ php encode.php...

edk2: Privilege escalation via heap-based buffer overflow in Decode() function

REJECTED CVE A heap-based buffer overflow issue was identified in EDK2 in the Decode function of BaseUefiDecompressLib.c, TianoCompress.c and UEFI Specification. The issue arises from improper handling of data, which could allow an authenticated attacker to exploit it by supplying a crafted file...

Denial Of Service (DoS)

Ruby is vulnerable to denial of serviceDoS attacks. An attacker could provide a specially crafted string to the OpenSSL::ASN1 decode function to cause the target interpreter to crash...

JWT Signature Verification Bypass

jwt-simple is vulnerable to signature verification bypass. A remote attacker is able to succeed in a JWT verification without specifying an algorithm in the decode function...

PT-2019-8750 · Open Information Security Foundation · Suricata

Name of the Vulnerable Software and Affected Versions: Suricata version 4.0.4 Description: The issue arises from incorrect handling of EtherNet/IP PDU parsing, which can lead to the parsing code reading beyond the allocated data due to an integer overflow during a length check in the DecodeENIPPD...

Heap overflow

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwgdecodeeeddata at decode.c for the z dimension...

Heap overflow

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwgdecodeeeddata at decode.c for the y dimension...

Exiv2 integer overflow vulnerability (CNVD-2019-07086)

Exiv2 is a cross-platform C++ library and command line utility for managing image metadata. An integer overflow vulnerability in Exiv2::IptcParser::decode in iptc.cpp in Exiv2 0.26 can be exploited by an attacker to cause a denial of service via specially crafted PSD image files...

PT-2018-3614 · Exiv2 +7 · Exiv2 +7

Name of the Vulnerable Software and Affected Versions: Exiv2 version 0.26 Description: The issue is related to the Exiv2::IptcParser::decode function in the iptc.cpp file, which may cause a denial of service due to a heap-based buffer over-read. This is caused by an integer overflow when processi...