16 matches found
SUSE-SU-2026:21425-1 Security update for python-jwcrypto
This update for python-jwcrypto fixes the following issues: - CVE-2026-39373: weak mitigation for JWT bomb attack in the deserialize function can lead to memory exhaustion via crafted compressed JWE tokens bsc1261802...
EUVD-2025-176506
Malicious code in scale-deserialize-function-optimize-hot npm...
Arbitrary Code Execution
contao/core is vulnerable to Arbitrary Code Execution. The vulnerability is due to untrusted POST data being passed to the deserialize function which could result in Arbitrary Code Execution...
PT-2024-40504 · Contao · Contao/Core
Name of the Vulnerable Software and Affected Versions: contao/core (affected versions not specified). Description: A PHP object injection issue was identified due to untrusted data being passed to the deserialize function. Recommendations: At the moment, there is no information about a newer version...
SUSE CVE-2024-32613
HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c, a different vulnerability than CVE-2024-32612...
HDF Group HDF5 Security Vulnerability
HDF Group HDF5 is a suite of tools for managing and storing different types of data from the American company HDF Group. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A security vulnerability exists in HDF5 Library version 1.14.3...
PT-2024-25419 · Xuxueli · Xuxueli Xxl-Job
Name of the Vulnerable Software and Affected Versions: Xuxueli xxl-job versions 2.4.0 through 2.4.1. Description: A vulnerability was found in the deserialize function of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. This issue leads to injection. The...
CVE-2024-28102 JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...
PT-2022-7536 · Hdf5 +2 · Hdf5 +2
Name of the Vulnerable Software and Affected Versions: HDF5 versions 1.13.3 and earlier; HDF5 versions 1.14.2 and earlier. Description: The issue is related to a buffer overflow in the H5HG cache heap deserialize function of the HDF5 library, which can lead to a denial of service or potential code...
Apple macOS AudioCodecs LOAS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Deserializ...
Denial Of Service (DoS)
serialize-to-js is vulnerable to denial of service (DoS). The vulnerability exists as the unvalidated user input could cause an infinite loop in the deserialize function...
HDF5 Memory Leak Vulnerability
HDF5 is a free suite of tools for managing the storage of different types of data that can be managed, manipulated, viewed, analyzed, and generated in portable formats. A memory leak vulnerability exists in the 'H5O__chunk_deserialize' function of the H5Ocache.c file in HDF5 1.10.3 and earlier...
Design/Logic Flaw
DISPUTED The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function" substring, as demonstrated by a "functionconsole.log" call or a simple infinite loop. NOTE: the vendor agree...
CVE-2017-5954
An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE)...
Google Chrome Multiple Vulnerabilities (Jan 2016) - Linux
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:google:chrome"; if(description)...
CVE-2015-8664
Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different...