7 matches found
PT-2025-40642
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's TLS implementation where the system may not properly abort a connection stream when invalid record headers are detected. Specifically, if the socket h...
Silverstripe Framework Security Vulnerability
silverstripe framework is a set of CMS website frameworks. A security vulnerability exists in Silverstripe Framework versions 4.x prior to 4.13.39 and 5.x prior to 5.1.11, which stems from a user being able to access record headers that they are not authorized to view...
Deserialization Of Untrusted Data
org.springframework.kafka, spring-kafka is vulnerable to Deserialization Of Untrusted Data. The vulnerability is caused by not setting ErrorHandlingDeserializer when checkDeserExWhenKeyNull or checkDeserExWhenValueNull container properties are set to true. An attacker can construct a malicious...
CVE-2023-34040 Java Deserialization vulnerability in Spring-Kafka When Improperly Configured
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers...
CVE-2007-2263
Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF Flash file with malformed record headers...
CVE-2007-2263
Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF Flash file with malformed record headers...
realplayer swf file (flash media) heap overflow
Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF Flash file with malformed record headers...