Deserialization Of Untrusted Data

org.springframework.kafka, spring-kafka is vulnerable to Deserialization Of Untrusted Data. The vulnerability is caused by not setting ErrorHandlingDeserializer when checkDeserExWhenKeyNull or checkDeserExWhenValueNull container properties are set to true. An attacker can construct a malicious...

CVE-2023-34040

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers...

CVE-2023-34040 Java Deserialization vulnerability in Spring-Kafka When Improperly Configured

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers...

CVE-2020-15292

Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor IntPeGetDirectory, TOCTOU IntPeParseUnwindData or insufficie...

CCMPlayer 1.5 Stack based Buffer Overflow (.m3u)

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...