Lucene search
+L

270 matches found

Tenable Nessus
Tenable Nessus
added 2024/01/09 12:0 a.m.31 views

Rockwell FactoryTalk Services Platform < 6.20 Deserialization

The version of Rockwell FactoryTalk Services Platform installed on the remote Windows host is prior to 6.20. It is, therefore, affected by a vulnerability. - Factory Talk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCP/8082, which can insecurely deserialize untrusted...

10CVSS8.3AI score0.05363EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/01/05 2:34 a.m.3 views

SUSE CVE-2024-21907

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an...

7.5CVSS7.6AI score0.32908EPSS
Exploits2References3
OpenVAS
OpenVAS
added 2024/01/02 12:0 a.m.14 views

WordPress GiveWP Plugin < 2.26.0 PHP Object Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:givewp:givewp"; if description...

9.8CVSS8.8AI score0.00592EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2023/12/06 7:59 a.m.19 views

CVE-2023-48952

An issue in the boxdeserializereusing function in openlink virtuoso-opensource allows attackers to cause a Denial of Service DoS after running a SELECT statement...

7.5CVSS7.3AI score0.00958EPSS
Exploits1References3
OSV
OSV
added 2023/11/29 8:15 p.m.3 views

DEBIAN-CVE-2023-48952

An issue in the boxdeserializereusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS after running a SELECT statement...

7.5CVSS7.3AI score0.00958EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/11/29 8:15 p.m.5 views

CVE-2023-48952

An issue in the boxdeserializereusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS after running a SELECT statement...

7.5CVSS7.1AI score0.00958EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2023/11/29 8:15 p.m.41 views

CVE-2023-48952

An issue in the boxdeserializereusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS after running a SELECT statement...

7.5CVSS7.1AI score0.00958EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/11/29 12:0 a.m.4 views

PT-2023-31017 · Openlink +1 · Openlink Virtuoso-Opensource +1

Name of the Vulnerable Software and Affected Versions: openlink virtuoso-opensource version 7.2.11 Description: An issue in the box deserialize reusing function allows attackers to cause a Denial of Service DoS after running a SELECT statement. Recommendations: For openlink virtuoso-opensource...

7.5CVSS6.6AI score0.00958EPSS
Exploits1References12
CNNVD
CNNVD
added 2023/11/29 12:0 a.m.6 views

Virtuoso Open-Source Edition Security Vulnerabilities

Virtuoso Open-Source Edition is a high-performance and scalable multi-model RDBMS, data integration middleware, linked data deployment and HTTP application server platform open-sourced by OpenLink Software. A security vulnerability exists in Virtuoso Open-Source Edition version v7.2.11, which ste...

7.5CVSS7.2AI score0.00958EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2023/10/23 12:0 a.m.35 views

Ubuntu 16.04 ESM : Puppet vulnerabilities (USN-4804-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4804-1 advisory. It was discovered that Puppet installed modules with world writable permissions. An attacker could use this vulnerability to execute arbitrary code or...

8.2CVSS7.8AI score0.02375EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/10/20 12:0 a.m.19 views

CVE-2023-39680

Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code...

7.5CVSS10AI score0.00576EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/05/03 2:5 p.m.7 views

jackson-databind: use of deeply nested arrays

A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...

7.5CVSS6.8AI score0.02706EPSS
Exploits1References4
Prion
Prion
added 2023/04/19 8:15 p.m.14 views

Out-of-bounds

In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12...

1.7CVSS5AI score0.00087EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/04/19 12:0 a.m.23 views

CVE-2023-20935

In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12...

5.3AI score0.00087EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/04/10 12:0 a.m.4 views

PT-2023-9521 · Openlink +4 · Openlink Virtuoso-Opensource +4

Name of the Vulnerable Software and Affected Versions: openlink virtuoso-opensource version 7.2.9 Description: The issue is related to the mp box deserialize string function, which is vulnerable due to improper neutralization of special elements used in SQL commands. This can be exploited by a...

7.8CVSS7.8AI score0.00909EPSS
Exploits16References79
Github Security Blog
Github Security Blog
added 2023/03/24 10:0 p.m.23 views

Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses

Impact An issue was discovered in the Versionize::deserialize implementation provided by the versionize crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. Patches The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserti...

7.5CVSS7.3AI score0.00556EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2023/03/24 12:0 p.m.26 views

RUSTSEC-2023-0030 `Versionize::deserialize` implementation for `FamStructWrapper<T>` is lacking bound checks, potentially leading to out of bounds memory accesses

An issue was discovered in the Versionize::deserialize implementation provided by the versionize crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that...

5.7CVSS6.2AI score0.00556EPSS
Exploits0References3
RustSec
RustSec
added 2023/03/24 12:0 p.m.50 views

`Versionize::deserialize` implementation for `FamStructWrapper<T>` is lacking bound checks, potentially leading to out of bounds memory accesses

An issue was discovered in the Versionize::deserialize implementation provided by the versionize crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that...

7.5CVSS6.7AI score0.00556EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:4 a.m.6 views

SUSE CVE-2016-3141

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service memory corruption and application crash or possibly have unspecified other impact by triggering a wddxdeserialize call on XML data...

9.8CVSS9.2AI score0.36009EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:58 a.m.6 views

SUSE CVE-2016-7418

The phpwddxpushelement function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service invalid pointer access and out-of-bounds read or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document,...

7.5CVSS7.8AI score0.11402EPSS
Exploits1References11
Rows per page
Query Builder