55 matches found
CVE-2024-5335
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the ultimatestorekitcompareproducts cookie in versions up to ...
Pytorch-Lightning Security Vulnerability
Pytorch-Lightning is an open source lightweight PyTorch wrapper. It is used for high performance Ai research. A security vulnerability exists in Pytorch-Lightning version 2.2.1, which stems from mishandling of deserialized user input and mismanagement of the dunder attribute, leading to a remote...
CVE-2024-27604
Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be deserialized...
ASB-A-311687929
In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-6267 Quarkus: json payload getting processed prior to security checks when rest resources are used with annotations.
A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed deserialized prior to the security constraints being evaluated and applied. This does not happen with configuration based security...
Redisson Code Issue Vulnerability
Redisson is a Java memory-resident data grid from Redisson open source. A code issue vulnerability exists in Redisson version 3.22.0, which stems from the fact that some messages received from a Redis server contain client-side deserialized Java objects without further validation, which can be...
FreeBSD : py39-celery -- command injection vulnerability (0a38a0d9-757f-4ac3-9561-b439e933dfa9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0a38a0d9-757f-4ac3-9561-b439e933dfa9 advisory. - This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored i...
Denial Of Service (DoS)
log4j:log4j is vulnerable to Denial of Service DoS attacks. The vulnerability is due to the Chainsaw or SocketAppender components processing a logging entry with either a deeply nested hashmap or hashtable, which can lead to memory exhaustion when the object is deserialized. An attacker can submi...
K30518307: Java commons-collections library vulnerability CVE-2015-4852
Security Advisory Description CVE-2015-4852 Java applications that have an endpoint that accepts serialized Java objects, an attacker can combine serializable collections to create arbitrary remote code execution. Based on the FoxGlove, an attack can be done via RMI or HTTP. The vulnerability is...
Design/Logic Flaw
lesspipe before 2.06 allows attackers to execute code via Perl Storable pst files, because of deserialized object destructor execution via a key/value pair in a hash...
CVE-2022-44542
CVE-2022-44542 affects lesspipe up to version 2.05; vulnerability arises from handling Perl Storable (pst) files where a crafted PST can trigger deserialized object destructor execution, enabling remote code execution. Impact is described as total compromise with high confidentiality, integrity, ...
GitHub Enterprise Server 代码问题漏洞
GitHub Enterprise Server is an open source application from Github in the United States. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions pri...
WordPress Booking Calendar plugin代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. WordPress Booking Calendar plugin is vulnerable to a code issue that could be exploited by attackers...
WordPress plugin Booking Calendar 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. WordPress Booking Calendar plugin is vulnerable to a code issue that could be exploited by attackers...
py39-celery -- command injection vulnerability
Snyk reports: This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends result stores. When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within ...
codeception 代码问题漏洞
codeception is an open source PHP full-stack testing framework. A security vulnerability exists in codeception, which stems from a problem with codeception from 4.0.0 and before 4.1.22 and before 3.1.3. The RunProcess class can be used as a gadget to run arbitrary commands on a system that can...
Bitcoinsv Resource Management Error Vulnerability
Bitcoinsv is a software implementation of the original Bitcoin protocol by the Bitcoinsv Association. The software can be used to build Bitcoin infrastructure. A resource management error vulnerability exists in versions prior to Bitcoinsv 0.1.1 that allows uncontrolled resource consumption durin...
Multiple Honeywell Products Code Issue Vulnerabilities
Honeywell Maxpro VMS & NVR is a Honeywell security solution. A code issue vulnerability exists in multiple Honeywell products, which can be exploited by a remote attacker to modify deserialized data without authentication by sending a specially crafted request to execute code...
CVE-2019-13292
WebERP 4.15 is affected by CVE-2019-13292. Payments.php accepts payment data in base64, decodes it, deserializes it, and then directly inserts that data into a SQL query without sanitization, exposing a SQL injection vulnerability. The issue is documented across multiple sources (Red Hat, NVD, os...
Arbitrary File Write
jbossweb is vulnerable to arbitrary file write attacks. The vulnerability exists as the readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to...