Lucene search
+L

270 matches found

Veracode
Veracode
added 2019/05/16 2:59 a.m.26 views

Null Pointer Dereference

PHP is vulnerable to null pointer deference vulnerability. The vulnerability exists in the phpwddxpopelement function in ext/wddx/wddx.c in PHP. Remote attackers could cause a denial of service via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddxdeserializ...

7.5CVSS8.2AI score0.05793EPSS
Exploits0References8Affected Software1
Metasploit
Metasploit
added 2019/05/09 8:8 p.m.48 views

Shopware createInstanceFromNamedArguments PHP Object Instantiation RCE

This module exploits a php object instantiation vulnerability that can lead to RCE in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently performs whitelist check which ca...

8.8CVSS7.8AI score0.54681EPSS
Exploits6
myhack58
myhack58
added 2019/04/17 12:0 a.m.136 views

. NET advanced code audit of the first ten classes ObjectStateFormatter deserialize vulnerability-vulnerability warning-the black bar safety net

0x00 Preface ObjectStateFormatter generally used for serialization and deserialization of the state object graph, such as the commonly used ViewState is through this class to do the serialization, is located in the namespace System. Web. The UI, the advantage is that on the basis of the type stor...

9.3CVSS1.3AI score0.17522EPSS
Exploits0
ossfuzz
ossfuzz
added 2019/04/13 3:22 p.m.17 views

skia/image_filter_deserialize: Crash in bits_to_runs

Project: https://skia.googlesource.com/skia.git Detailed report: https://oss-fuzz.com/testcase?key=5202075178237952 Project: skia Fuzzer: libFuzzerskiaimagefilterdeserialize Fuzz target binary: imagefilterdeserialize Job Type: libfuzzerasanskia Platform Id: linux Crash Type: UNKNOWN READ Crash...

6.8AI score
Exploits0Affected Software1
OSV
OSV
added 2019/04/12 6:23 a.m.10 views

SUSE-SU-2019:0054-2 Security update for systemd

This update for systemd fixes the following issues: Fix security vulnerabilities CVE-2018-16864 and CVE-2018-16865 bsc1120323: Both issues were memory corruptions via attacker-controlled alloca which could have been used to gain root privileges by a local attacker. Fix security vulnerability...

7.8CVSS8.4AI score0.02958EPSS
Exploits7References8
Github Security Blog
Github Security Blog
added 2019/04/08 3:19 p.m.31 views

CoAPthon DoS due to Exceptions

The Serialize.deserialize method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client when they receive...

7.5CVSS7AI score0.0146EPSS
Exploits1References4Affected Software1
CNVD
CNVD
added 2019/04/04 12:0 a.m.5 views

CoAPthon Serialize.deserialize() method denial of service vulnerability

CoAPthon is an RFC compliant python library for the CoAP protocol. A denial of service vulnerability exists in the Serialize.deserialize method in CoAPthon 3 version 1.0 and version 1.0.1. An attacker can exploit the vulnerability to cause applications using this library e.g., standard coap serve...

7.5CVSS6.7AI score0.01446EPSS
Exploits1References1
PyPA
PyPA
added 2019/04/02 8:29 p.m.8 views

PYSEC-2019-165

The Serialize.deserialize method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client when they receive...

7.5CVSS6.8AI score0.0146EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2019/04/02 7:29 p.m.11 views

PYSEC-2019-166

The Serialize.deserialize method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading to a denial of service in applications that use this library e.g., the standard CoAP server, CoAP client, example collect CoAP server and client when they receive crafted CoAP messages...

7.5CVSS6.8AI score0.01446EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2019/04/02 7:29 p.m.8 views

PYSEC-2019-166

The Serialize.deserialize method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading to a denial of service in applications that use this library e.g., the standard CoAP server, CoAP client, example collect CoAP server and client when they receive crafted CoAP messages...

7.5CVSS5.9AI score0.01446EPSS
Exploits1References2
myhack58
myhack58
added 2019/03/06 12:0 a.m.171 views

. NET advanced code audit(the first lesson)XmlSerializer deserialization vulnerability-vulnerability warning-the black bar safety net

在.NET in the framework of the XmlSerializer class is a great tool, it is a highly structured XML data is mapped to . NET objects. The XmlSerializer class in the program through a single API call to perform the XML document and the object conversion between. The conversion mapping rules in the . N...

6.5CVSS1.8AI score0.94789EPSS
Exploits6
OSV
OSV
added 2019/01/09 9:8 p.m.7 views

SUSE-SU-2019:0054-1 Security update for systemd

This update for systemd fixes the following issues: Fix security vulnerabilities CVE-2018-16864 and CVE-2018-16865 bsc1120323: Both issues were memory corruptions via attacker-controlled alloca which could have been used to gain root privileges by a local attacker. Fix security vulnerability...

7.8CVSS8.4AI score0.02958EPSS
Exploits7References8
Tenable Nessus
Tenable Nessus
added 2018/12/11 12:0 a.m.34 views

SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:3767-2)

This update for systemd fixes the following issues : Security issues fixed : CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. bsc1113632 CVE-2018-15686: A vulnerability in unitdeserialize ...

8.8CVSS7.2AI score0.02279EPSS
Exploits4References14
OSV
OSV
added 2018/11/19 10:3 p.m.4 views

USN-3816-2 systemd vulnerability

USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory details: Jann Horn discovered that unitdeserialize incorrectly handled status messages above ...

7.8CVSS6.8AI score0.00532EPSS
Exploits1References2
OSV
OSV
added 2018/11/07 2:29 p.m.33 views

PYSEC-2018-74

Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation...

9.8CVSS5.6AI score0.53934EPSS
Exploits5References3
ossfuzz
ossfuzz
added 2018/09/22 6:29 p.m.15 views

skia/image_filter_deserialize: Crash in SkTInternalLList<TriangulationVertex>::addToTail

Project: https://skia.googlesource.com/skia.git Detailed report: https://oss-fuzz.com/testcase?key=5674426696204288 Project: skia Fuzzer: libFuzzerskiaimagefilterdeserialize Fuzz target binary: imagefilterdeserialize Job Type: libfuzzerubsanskia Platform Id: linux Crash Type: UNKNOWN READ Crash...

6.8AI score
Exploits0Affected Software1
OSV
OSV
added 2018/09/20 6:29 a.m.5 views

UBUNTU-CVE-2018-17234

Memory leak in the H5Ochunkdeserialize function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service memory consumption via a crafted HDF5 file...

6.5CVSS6.9AI score0.01494EPSS
Exploits1References4
CNVD
CNVD
added 2018/09/20 12:0 a.m.4 views

HDF5 Memory Leak Vulnerability

HDF5 is a free suite of tools for managing the storage of different types of data that can be managed, manipulated, viewed, analyzed, and generated in portable formats. A memory leak vulnerability exists in the 'H5Ochunkdeserialize' function of the H5Ocache.c file in HDF5 1.10.3 and earlier...

6.5CVSS7AI score0.01494EPSS
Exploits1References1
Hacker One
Hacker One
added 2018/09/16 5:21 a.m.19 views

Vanilla: Vanilla Forums ImportController index file_exists Unserialize Remote Code Execution Vulnerability

Summary: An authenticated admin user can inject an serialized payload into a phar archive and trigger read access to it via an unprotected fileexists. An attacker can leverage this to deserialize untrusted data and gain remote code execution. Notes: - You need to have an admin account to run this...

Exploits0
Positive Technologies
Positive Technologies
added 2018/09/15 12:0 a.m.2 views

PT-2018-3948 · Hdf +4 · Hdf5 +4

Name of the Vulnerable Software and Affected Versions: HDF5 versions through 1.10.3 Description: The issue is related to a memory leak in the H5O chunk deserialize function in the H5Ocache.c component of the HDF5 library. This allows attackers to cause a denial of service by consuming memory via ...

9.8CVSS6AI score0.02948EPSS
Exploits21References153
Rows per page
Query Builder