48 matches found
SUSE-SU-2023:2884-1 Security update for python310
This update for python310 fixes the following issues: - Make marshalling of set and frozenset deterministic bsc1211765 python310 was updated to 3.10.12: - urllib.parse.urlsplit now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to...
Fedora: Security Advisory for golang-github-gogo-protobuf (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: golang-github-gogo-protobuf-1.3.2-5.fc35
Gogoprotobuf is a fork of golang/protobuf with extra code generation features. This code generation is used to achieve: - fast marshalling and unmarshalling - more canonical Go structures - goprotobuf compatibility - less typing by optionally generating extra helper code - peace of mind by...
DEBIAN-CVE-2021-3623
A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to...
Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
This is a PoC exploit for CVE-2021-44228, a remote code execution vulnerability in Apache Log4j2. The repository contains a Java application that demonstrates the exploitation of this vulnerability. The application is built using Maven and includes various marshalling libraries that allow for...
A8: Insecure Deserialization ❗️ — Top 10 OWASP 2017
A8: Insecure Deserialization ❗️ — Top 10 OWASP 2017 Introduction Insecure serialization has historically been seen as a super hard to grasp vulnerability, almost like a black box but while it does contain it’s challenges, so does every other issue type on the OWASP top 10. serialization is a...
CVE-2021-3623
A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to...
GHSA-F6MQ-5M25-4R72 go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to and...
go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to and...
Design/Logic Flaw
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to a...
CVE-2021-20329
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to a...
UBUNTU-CVE-2021-20329
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to a...
CVE-2021-20329
CVE-2021-20329 affects the MongoDB Go Driver prior to 1.5.0. Specific crafted strings in Go objects marshalled to BSON may inject extra fields into documents due to improper validation, exposing potential data integrity risks. The issue is documented in the GitHub advisory (GHSA-F6MQ-5M25-4R72) a...
PT-2021-13888 · Mongodb · Mongodb Go Driver
Name of the Vulnerable Software and Affected Versions: MongoDB Go Driver versions prior to and including 1.5.0 Description: The MongoDB Go Driver has an issue where specific cstrings input may not be properly validated when marshalling Go objects into BSON. This could allow a malicious user to...
Improper Input Validation
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents...
Fedora 29 : godot (2018-8d58297dc0)
Security update: Godot 3.0.6 This update brings the latest upstream release of Godot Engine, with several bug fixes and improvements applied on top of Godot 3.0.4. This release is compatible with previous Godot 3.0.x versions and should load existing projects without issue. Version 3.0.6 also fix...
Remote Code Execution (RCE)
Microsoft.ChakraCore is vulnerable to remote code execution RCE attacks. The library does not handle the marshalling of prototypeObject properly, leading to a type confusion error that can cause the application to crash or arbitrary code to be executed...
Unsafe Deserialization
redis-store is vulnerable to unsafe deserialization. The marshalling ability of redis-store allows attackers to load unsafe objects from redis. In order to be vulnerable to this, the options:marshalling needs to be used...
Google Android - Inter-process munmap in android.util.MemoryIntArray
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1001 The MemoryIntArray class allows processes to share an in-memory array of integers by transferring an ashmem file descriptor. As the class implements the Parcelable interface, it can be passed within a Parcel or a Bundle and...
CakePHP 3.0.4 Released
CakePHP 3.0.4 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 3.0.4. This is a maintenance release that contains security fixes and bugfixes. Security Fixes There are two issues that can impact the security of a CakePHP application: CsrfComponent fails to...