Lucene search
K

224 matches found

OSV
OSV
added 2025/06/24 1:0 p.m.4 views

CVE-2025-6566 oatpp Oat++ Deserializer.cpp deserializeArray stack-based overflow

A vulnerability was found in oatpp Oat++ up to 1.3.1. It has been declared as critical. This vulnerability affects the function deserializeArray of the file src/oatpp/json/Deserializer.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit ha...

6.9CVSS6.4AI score0.00674EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/06/24 1:0 p.m.3 views

CVE-2025-6566 oatpp Oat++ Deserializer.cpp deserializeArray stack-based overflow

A vulnerability was found in oatpp Oat++ up to 1.3.1. It has been declared as critical. This vulnerability affects the function deserializeArray of the file src/oatpp/json/Deserializer.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit ha...

6.9CVSS7.3AI score0.00674EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/22 7:27 p.m.9 views

CVE-2021-26305

An issue was discovered in Deserializer::readvec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness...

9.8CVSS6.9AI score0.01688EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:26 p.m.8 views

CVE-2021-25641

Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by tampering with the byte preamble flags, aka, not following t...

9.8CVSS7.1AI score0.17666EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:29 p.m.17 views

CVE-2021-29508

Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. e.g. using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end. And by doing so allowing the serializer to create any...

9.1CVSS6.5AI score0.01584EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/03/10 12:0 a.m.7 views

The vulnerability of the max96712_probe() function in the driver of the MAX96712 deserializer (drivers/staging/media/max96712/max96712.c) in Linux operating systems allows a malicious actor to trigger a service failure.

The vulnerability of the max96712probe function in the MAX96712 driver’s deserialization library drivers/staging/media/max96712/max96712.c in Linux operating systems is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause service failures...

5.5CVSS6.7AI score0.00186EPSS
Exploits0References11Affected Software4
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.23 views

Linux Distros Unpatched Vulnerability : CVE-2015-6835

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple phpvarunserialize calls, which allow remote...

9.8CVSS8.5AI score0.36992EPSS
Exploits3References2
RedHat Linux
RedHat Linux
added 2025/02/24 12:8 a.m.5 views

jackson-databind: use of deeply nested arrays

A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...

7.5CVSS6.8AI score0.02656EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2025/02/24 12:8 a.m.8 views

jackson-databind: use of deeply nested arrays

A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...

7.5CVSS6.8AI score0.02656EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:46 p.m.9 views

Malicious code in active-model_serializers-jsonapi_embedded_records_deserializer (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/06/06 6:30 p.m.26 views

Remote code execution in pytorch lightning

A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

9.8CVSS9.8AI score0.26488EPSS
Exploits3References6Affected Software1
NVD
NVD
added 2024/06/06 6:15 p.m.60 views

CVE-2024-5452

A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

9.8CVSS0.26488EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.9 views

Fedora: Security Advisory for rust-pythonize (FEDORA-2024-d408b654d6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.5AI score0.01463EPSS
Exploits0References2
Fedora
Fedora
added 2024/05/03 1:44 a.m.19 views

[SECURITY] Fedora 40 Update: rust-pythonize-0.21.1-1.fc40

Serde Serializer & Deserializer from Rust Python, backed by PyO3...

6.5CVSS7.3AI score0.01463EPSS
Exploits0
Fedora
Fedora
added 2024/05/03 1:37 a.m.31 views

[SECURITY] Fedora 38 Update: rust-pythonize-0.21.1-1.fc38

Serde Serializer & Deserializer from Rust Python, backed by PyO3...

6.5CVSS7.3AI score0.01463EPSS
Exploits0
Fedora
Fedora
added 2024/05/03 1:33 a.m.16 views

[SECURITY] Fedora 39 Update: rust-pythonize-0.21.1-1.fc39

Serde Serializer & Deserializer from Rust Python, backed by PyO3...

6.5CVSS7.3AI score0.01463EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/05/03 12:0 a.m.3 views

PT-2024-25683

Name of the Vulnerable Software and Affected Versions sagemaker-python-sdk versions prior to 2.218.0 Description The issue concerns potentially unsafe deserialization in the sagemaker.base deserializers.NumpyDeserializer module when untrusted data is passed as pickled object arrays. This may allo...

7.8CVSS7.6AI score0.00408EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2024/02/12 12:0 a.m.4 views

PT-2024-11035 · Dbartholomae · Lambda-Middleware Frameguard

Name of the Vulnerable Software and Affected Versions: dbartholomae lambda-middleware frameguard versions up to 1.0.4 Description: A problematic issue has been found in the JSON Mime-Type Handler component, specifically in the file packages/json-deserializer/src/JsonDeserializer.ts. The...

6.5CVSS4.6AI score0.00446EPSS
Exploits0References13
OpenVAS
OpenVAS
added 2023/09/19 12:0 a.m.21 views

Fedora: Security Advisory for rust-pythonize (FEDORA-2023-c0696d7b53)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.6AI score0.00981EPSS
Exploits1References2
Fedora
Fedora
added 2023/09/18 1:37 a.m.33 views

[SECURITY] Fedora 37 Update: rust-pythonize-0.19.0-1.fc37

Serde Serializer & Deserializer from Rust Python, backed by PyO3...

6.5CVSS7.1AI score0.00981EPSS
Exploits1
Rows per page
Query Builder