224 matches found
CVE-2025-6566 oatpp Oat++ Deserializer.cpp deserializeArray stack-based overflow
A vulnerability was found in oatpp Oat++ up to 1.3.1. It has been declared as critical. This vulnerability affects the function deserializeArray of the file src/oatpp/json/Deserializer.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit ha...
CVE-2025-6566 oatpp Oat++ Deserializer.cpp deserializeArray stack-based overflow
A vulnerability was found in oatpp Oat++ up to 1.3.1. It has been declared as critical. This vulnerability affects the function deserializeArray of the file src/oatpp/json/Deserializer.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit ha...
CVE-2021-26305
An issue was discovered in Deserializer::readvec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness...
CVE-2021-25641
Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by tampering with the byte preamble flags, aka, not following t...
CVE-2021-29508
Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. e.g. using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end. And by doing so allowing the serializer to create any...
The vulnerability of the max96712_probe() function in the driver of the MAX96712 deserializer (drivers/staging/media/max96712/max96712.c) in Linux operating systems allows a malicious actor to trigger a service failure.
The vulnerability of the max96712probe function in the MAX96712 driver’s deserialization library drivers/staging/media/max96712/max96712.c in Linux operating systems is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause service failures...
Linux Distros Unpatched Vulnerability : CVE-2015-6835
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple phpvarunserialize calls, which allow remote...
jackson-databind: use of deeply nested arrays
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...
jackson-databind: use of deeply nested arrays
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...
Malicious code in active-model_serializers-jsonapi_embedded_records_deserializer (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Remote code execution in pytorch lightning
A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...
CVE-2024-5452
A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...
Fedora: Security Advisory for rust-pythonize (FEDORA-2024-d408b654d6)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: rust-pythonize-0.21.1-1.fc40
Serde Serializer & Deserializer from Rust Python, backed by PyO3...
[SECURITY] Fedora 38 Update: rust-pythonize-0.21.1-1.fc38
Serde Serializer & Deserializer from Rust Python, backed by PyO3...
[SECURITY] Fedora 39 Update: rust-pythonize-0.21.1-1.fc39
Serde Serializer & Deserializer from Rust Python, backed by PyO3...
PT-2024-25683
Name of the Vulnerable Software and Affected Versions sagemaker-python-sdk versions prior to 2.218.0 Description The issue concerns potentially unsafe deserialization in the sagemaker.base deserializers.NumpyDeserializer module when untrusted data is passed as pickled object arrays. This may allo...
PT-2024-11035 · Dbartholomae · Lambda-Middleware Frameguard
Name of the Vulnerable Software and Affected Versions: dbartholomae lambda-middleware frameguard versions up to 1.0.4 Description: A problematic issue has been found in the JSON Mime-Type Handler component, specifically in the file packages/json-deserializer/src/JsonDeserializer.ts. The...
Fedora: Security Advisory for rust-pythonize (FEDORA-2023-c0696d7b53)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 37 Update: rust-pythonize-0.19.0-1.fc37
Serde Serializer & Deserializer from Rust Python, backed by PyO3...