27 matches found

Positive Technologies
added 2026/04/24 12:0 a.m., 4 views

PT-2026-34903

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the mac80211 wifi component where the aql enable write function does not serialize concurrent writes to the debugfs. This can lead to a static branch dec underflow for...

CVSS 5.5, AI score 5.4, EPSS 0.00015
Exploits 0, References 19

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-1907

Malware in sbrugna...

CVSS 7.2, AI score 7, EPSS 0.00846
Exploits 1, References 2

SUSE CVE
added 2024/09/01 2:27 a.m., 1 views

SUSE CVE-2024-44946

In the Linux kernel, the following vulnerability has been resolved: kcm: Serialise kcm_sendmsg for the same socket. syzkaller reported UAF in kcm_release. [0] The scenario is 1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb. 2. Thread A resumes building skb from kcm->seq_skb but is blocked by...

CVSS 7.8, AI score 6.3, EPSS 0.00231
Exploits 0, References 23

CVE
added 2024/08/31 1:22 p.m., 165 views

CVE-2024-44946

CVE-2024-44946 affects the Linux kernel kcm subsystem (kcm_sendmsg). The issue was a use-after-free/race: while MSG_MORE skb construction was in progress, another thread could touch it, leading to a double-free in kcm_release() when the skb remained in the write queue. The fix serialises kcm_send...

CVSS 5.5, AI score 6.4, EPSS 0.00231
Exploits 0, References 10, Affected Software 1

NVD
added 2024/07/25 12:15 p.m., 11 views

CVE-2024-39673

Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 7.1, EPSS 0.00101
Exploits 0, References 1

UbuntuCve
added 2022/09/16 10:15 a.m., 42 views

CVE-2022-40155

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage...

AI score 7.1
Exploits 0, References 3

OSV
added 2021/04/13 3:12 p.m., 8 views

GHSA-7FJP-G4M7-FX23 User (Encrypted) Password Field Being Serialised

Impact Leaking Password field during serialisation of the User model. Password is in the encrypted form but if User model is requested in json or array form the value is printed. Patches Issue has been patched in version 0.3.7-beta and onwards. Workarounds Add the 'password' field to the Users...

AI score 7
Exploits 0, References 1

Cvelist
added 2021/03/22 12:0 p.m., 29 views

CVE-2021-26295 RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz...

AI score 9.8, EPSS 0.94237
Exploits 9, References 13

OSV
added 2020/01/31 6:0 p.m., 17 views

GHSA-8VP7-J5CJ-VVM2 Ability to expose data in Sylius by using an unintended serialisation group

Impact ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...

CVSS 4.4, AI score 4.4, EPSS 0.00323
Exploits 0, References 4

NVD
added 2020/01/27 9:15 p.m., 10 views

CVE-2020-5220

Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...

CVSS 5.3, AI score 4.7, EPSS 0.00323
Exploits 0, References 2

Cvelist
added 2020/01/27 8:15 p.m., 9 views

CVE-2020-5220 Ability to expose data in Sylius by using an unintended serialisation group

Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...

CVSS 4.4, AI score 5, EPSS 0.00323
Exploits 0, References 2

CVE
added 2019/09/11 8:29 p.m., 67 views

CVE-2019-0189

The CVE-2019-0189 issue affects Apache OFBiz via two dependencies (commons-beanutils and an outdated commons-fileupload). It uses Java deserialization in the HttpEngine: the request parameter serviceContext is passed to XmlSerializer.deserialize, enabling remote code execution through java.io.Obj...

CVSS 9.8, AI score 9.7, EPSS 0.15419
Exploits 0, References 13, Affected Software 1

Github Security Blog
added 2018/10/16 11:13 p.m., 54 views

Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks

Apache Camel's camel-jackson and camel-jacksonxml components are vulnerable to Java object de-serialisation vulnerability. Camel allows to specify such a type through the 'CamelJacksonUnmarshalType' property. De-serializing untrusted data can lead to security flaws as demonstrated in various...

CVSS 9.8, AI score 9.5, EPSS 0.12248
Exploits 1, References 23, Affected Software 1

Github Security Blog
added 2018/10/16 11:5 p.m., 26 views

Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation

The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws...

CVSS 9.8, AI score 2.1, EPSS 0.06481
Exploits 3, References 14, Affected Software 1

NVD
added 2018/06/26 4:29 p.m., 6 views

CVE-2018-1000509

Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circumstances. This attack appear to be exploitable via Attacker must have access to admin account. Thi...

CVSS 7.2, AI score 7.4, EPSS 0.00846
Exploits 1, References 1

OSV
added 2018/06/26 4:29 p.m., 11 views

CVE-2018-1000509

Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circumstances. This attack appear to be exploitable via Attacker must have access to admin account. Thi...

CVSS 7.2, AI score 7.6
Exploits 0, References 1

Prion
added 2018/06/26 4:29 p.m., 6 views

Design/Logic Flaw

Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circumstances. This attack appear to be exploitable via Attacker must have access to admin account. Thi...

CVSS 6.5, AI score 7.3, EPSS 0.00846
Exploits 1, References 1, Affected Software 1

Cvelist
added 2018/06/26 4:0 p.m., 14 views

CVE-2018-1000509

Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circumstances. This attack appear to be exploitable via Attacker must have access to admin account. Thi...

AI score 7.4, EPSS 0.00846
Exploits 1, References 1

CVE
added 2018/06/26 4:0 p.m., 42 views

CVE-2018-1000509

CVE-2018-1000509 affects the WordPress Redirection plugin, specifically version 2.7.1. The vulnerability is a serialization issue in the plugin’s Settings page AJAX, which in certain circumstances can let an attacker with an admin account execute arbitrary code. The flaw is resolved in version 2...

CVSS 7.2, AI score 7.3, EPSS 0.00846
Exploits 1, References 1, Affected Software 1

NVD
added 2017/11/15 3:29 p.m., 13 views

CVE-2017-12634

The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws...

CVSS 9.8, AI score 9.4, EPSS 0.06481
Exploits 3, References 6