XSS in Chat Message Leads to Account Takeover
Description: The vulnerability resides in the data persistence layer of the application. The fromdict method in the AppLollmsMessage class acts as a "sink" for raw data. It retrieves the content value from an input dictionary and assigns it directly to the object without any form of sanitization o...
EUVD-2016-4750
Malware in sbrugna...
EUVD-2022-3851
Malicious code in bioql PyPI...
CVE-2024-52577
In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server...
Denial Of Service (DoS)
spring-amqp is vulnerable to denial of service. An attacker can cause an application crash through the message.toString function, as it deserializes the body of a message with content-type application/x-java-serialized-object, by constructing a malicious java.util.Dictionary object...
Chromium: Incorrect size calculation when deserializing Mojo "Event" messages leading to OOB access
VULNERABILITY DETAILS: Mojo IPC allows endpoints to communicate with one another, potentially across process boundaries. Each endpoint initially receives a handle to the broker host node, using which it can request subsequent "child" channels to be created...
Pivotal Spring AMQP Remote Code Execution Vulnerability
Spring AMQP is based on the Spring Framework's AMQP messaging solution, providing a template abstraction for sending and receiving messages, message-driven POJO-based message listening, and so on. A remote code execution vulnerability exists in Pivotal Spring AMQP...
Deserialization of untrusted data
The server in Red Hat JBoss Operations Network JON, when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an...
CVE-2016-6330
CVE-2016-6330 affects Red Hat JBoss Operations Network (JON). The issue allows remote code execution via a crafted HTTP request when SSL authentication is not configured for JON server/agent communication, linked to message deserialization. Affected versions are before 3.3.6; the root cause relat...
PT-2016-6830 · Red Hat · Red Hat Jboss Operations Network
Name of the Vulnerable Software and Affected Versions: Red Hat JBoss Operations Network (JON), affected versions not specified. Description: The issue allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization, when SSL authentication is not...
CVE-2016-3737
The server in Red Hat JBoss Operations Network JON before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization...
CVE-2016-3737
The CVE-2016-3737 entry concerns Red Hat JBoss Operations Network (JON) prior to 3.3.6, where remote code execution is possible through a crafted HTTP request due to deserialization issues in the JON server. The issue is tied to message deserialization and is referenced across several feeds (NVD,...
CVE-2010-4574
The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or...