Lucene search
K

48 matches found

OSV
OSV
added 2023/07/19 2:55 p.m.9 views

SUSE-SU-2023:2884-1 Security update for python310

This update for python310 fixes the following issues: - Make marshalling of set and frozenset deterministic bsc1211765 python310 was updated to 3.10.12: - urllib.parse.urlsplit now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to...

9.8CVSS7.8AI score0.27095EPSS
Exploits6References6
OpenVAS
OpenVAS
added 2022/07/18 12:0 a.m.17 views

Fedora: Security Advisory for golang-github-gogo-protobuf (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS8.9AI score0.05994EPSS
Exploits4References2
Fedora
Fedora
added 2022/07/17 1:15 a.m.44 views

[SECURITY] Fedora 35 Update: golang-github-gogo-protobuf-1.3.2-5.fc35

Gogoprotobuf is a fork of golang/protobuf with extra code generation features. This code generation is used to achieve: - fast marshalling and unmarshalling - more canonical Go structures - goprotobuf compatibility - less typing by optionally generating extra helper code - peace of mind by...

9.3CVSS8.9AI score0.05994EPSS
Exploits4
OSV
OSV
added 2022/03/02 11:15 p.m.1 views

DEBIAN-CVE-2021-3623

A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to...

6.1CVSS6.7AI score0.00316EPSS
Exploits0References1
Gitee
Gitee
added 2021/12/17 11:42 p.m.18 views

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

This is a PoC exploit for CVE-2021-44228, a remote code execution vulnerability in Apache Log4j2. The repository contains a Java application that demonstrates the exploitation of this vulnerability. The application is built using Maven and includes various marshalling libraries that allow for...

10CVSS8.7AI score0.99999EPSS
Exploits351
Ivan 'd0znpp' Novikov
Ivan 'd0znpp' Novikov
added 2021/09/28 6:31 a.m.61 views

A8: Insecure Deserialization ❗️ — Top 10 OWASP 2017

A8: Insecure Deserialization ❗️ — Top 10 OWASP 2017 Introduction ‌Insecure serialization has historically been seen as a super hard to grasp vulnerability, almost like a black box but while it does contain it’s challenges, so does every other issue type on the OWASP top 10. serialization is a...

6.5CVSS7.3AI score0.0368EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2021/06/28 10:49 a.m.96 views

CVE-2021-3623

A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to...

6.1CVSS0.9AI score0.00316EPSS
Exploits0References3
OSV
OSV
added 2021/06/15 4:8 p.m.34 views

GHSA-F6MQ-5M25-4R72 go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to and...

6.8CVSS6.6AI score0.00961EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2021/06/15 4:8 p.m.138 views

go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to and...

6.8CVSS6.5AI score0.00961EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2021/06/10 5:15 p.m.21 views

Design/Logic Flaw

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to a...

4CVSS6.6AI score0.00961EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2021/06/10 5:15 p.m.37 views

CVE-2021-20329

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to a...

6.8CVSS6.6AI score0.00961EPSS
Exploits0References2
OSV
OSV
added 2021/06/10 5:15 p.m.2 views

UBUNTU-CVE-2021-20329

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to a...

6.8CVSS7.3AI score0.00961EPSS
Exploits0References3
CVE
CVE
added 2021/06/10 4:30 p.m.296 views

CVE-2021-20329

CVE-2021-20329 affects the MongoDB Go Driver prior to 1.5.0. Specific crafted strings in Go objects marshalled to BSON may inject extra fields into documents due to improper validation, exposing potential data integrity risks. The issue is documented in the GitHub advisory (GHSA-F6MQ-5M25-4R72) a...

6.8CVSS6.7AI score0.00961EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/06/10 12:0 a.m.2 views

PT-2021-13888 · Mongodb · Mongodb Go Driver

Name of the Vulnerable Software and Affected Versions: MongoDB Go Driver versions prior to and including 1.5.0 Description: The MongoDB Go Driver has an issue where specific cstrings input may not be properly validated when marshalling Go objects into BSON. This could allow a malicious user to...

6.8CVSS5.5AI score0.00961EPSS
Exploits0References14
GitLab Advisory Database
GitLab Advisory Database
added 2021/06/10 12:0 a.m.36 views

Improper Input Validation

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents...

6.8CVSS4.2AI score0.00961EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.27 views

Fedora 29 : godot (2018-8d58297dc0)

Security update: Godot 3.0.6 This update brings the latest upstream release of Godot Engine, with several bug fixes and improvements applied on top of Godot 3.0.4. This release is compatible with previous Godot 3.0.x versions and should load existing projects without issue. Version 3.0.6 also fix...

7.5CVSS7.3AI score0.03785EPSS
Exploits1References3
Veracode
Veracode
added 2018/08/16 4:40 a.m.26 views

Remote Code Execution (RCE)

Microsoft.ChakraCore is vulnerable to remote code execution RCE attacks. The library does not handle the marshalling of prototypeObject properly, leading to a type confusion error that can cause the application to crash or arbitrary code to be executed...

7.5CVSS8.1AI score0.14443EPSS
Exploits0References6Affected Software2
Veracode
Veracode
added 2017/11/20 1:16 a.m.15 views

Unsafe Deserialization

redis-store is vulnerable to unsafe deserialization. The marshalling ability of redis-store allows attackers to load unsafe objects from redis. In order to be vulnerable to this, the options:marshalling needs to be used...

9.8CVSS9.1AI score0.01983EPSS
Exploits0References2Affected Software1
Exploit DB
Exploit DB
added 2017/02/14 12:0 a.m.29 views

Google Android - Inter-process munmap in android.util.MemoryIntArray

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1001 The MemoryIntArray class allows processes to share an in-memory array of integers by transferring an ashmem file descriptor. As the class implements the Parcelable interface, it can be passed within a Parcel or a Bundle and...

7.4AI score
Exploits0
CakePHP
CakePHP
added 2015/05/07 12:0 a.m.24 views

CakePHP 3.0.4 Released

CakePHP 3.0.4 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 3.0.4. This is a maintenance release that contains security fixes and bugfixes. Security Fixes There are two issues that can impact the security of a CakePHP application: CsrfComponent fails to...

7.4AI score
Exploits0
Rows per page
Query Builder