
4276 matches found

AlpineLinux
added 2024/08/01 1:40 p.m. | 35 views

CVE-2024-6923

There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized...

CVSS 5.5 | AI score 7.7 | EPSS 0.00737
Exploits 0
Debian CVE
added 2024/08/01 1:40 p.m. | 18 views

CVE-2024-6923

There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized...

CVSS 5.5 | AI score 6.7 | EPSS 0.00737
Exploits 0
Tenable Nessus
added 2024/08/01 12:0 a.m. | 46 views

Ubuntu 14.04 LTS : Apache Commons Collections vulnerability (USN-6936-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6936-1 advisory. It was discovered that Apache Commons Collections allowed serialization support for unsafe classes by default. A remote attacker could possibly use this issue to...

CVSS 9.8 | AI score 8.5 | EPSS 0.96032
Exploits 17 | References 2
CNNVD
added 2024/08/01 12:0 a.m. | 2 views

Python security vulnerability

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python that stems from a failure of the email module to properly reference line...

CVSS 5.5 | AI score 7.3 | EPSS 0.00737
Exploits 0 | References 5
Ubuntu
added 2024/07/31 6:33 p.m. | 31 views

USN-6936-1: Apache Commons Collections vulnerability

It was discovered that Apache Commons Collections allowed serialization support for unsafe classes by default. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS 9.8 | AI score 8.4 | EPSS 0.96032
Exploits 17
OSV
added 2024/07/31 6:33 p.m. | 2 views

USN-6936-1 libcommons-collections3-java vulnerability

It was discovered that Apache Commons Collections allowed serialization support for unsafe classes by default. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS 9.8 | AI score 7.5 | EPSS 0.96032
Exploits 17 | References 2
OSV
added 2024/07/25 12:15 p.m. | 3 views

CVE-2024-39673

Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 7.1 | AI score 5.8 | EPSS 0.00126
Exploits 0 | References 1
Vulnrichment
added 2024/07/25 11:40 a.m. | 19 views

CVE-2024-39673

Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 6.8 | AI score 6.6 | EPSS 0.00126
Exploits 0 | References 1
Positive Technologies
added 2024/07/25 12:0 a.m. | 4 views

PT-2024-28613 · Iaware · Iaware

Name of the Vulnerable Software and Affected Versions: iAware module, affected versions not specified. Description: The issue is related to a serialisation/deserialisation mismatch in the iAware module. Successful exploitation of this issue may affect service confidentiality. Recommendations: At th...

CVSS 7.1 | AI score 6.5 | EPSS 0.00126
Exploits 0 | References 4
ATTACKERKB
added 2024/07/18 6:15 p.m. | 3 views

CVE-2024-5625

Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup. This issue affects Apinizer Management Console: before 2024.05.1...

CVSS 6.5 | AI score 5.8 | EPSS 0.00359
Exploits 0 | References 3
NVD
added 2024/07/18 6:15 p.m. | 15 views

CVE-2024-5625

Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup. This issue affects Apinizer Management Console: before 2024.05.1...

CVSS 6.5 | EPSS 0.00359
Exploits 0 | References 2
Cvelist
added 2024/07/18 5:12 p.m. | 26 views

CVE-2024-5625 XML External Entity Injection in PruvaSoft Informatics' Apinizer Management Console

Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup. This issue affects Apinizer Management Console: before 2024.05.1...

CVSS 6.5 | EPSS 0.00359
Exploits 0 | References 2
Vulnrichment
added 2024/07/18 5:12 p.m. | 9 views

CVE-2024-5625 XML External Entity Injection in PruvaSoft Informatics' Apinizer Management Console

Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup. This issue affects Apinizer Management Console: before 2024.05.1...

CVSS 6.5 | AI score 5.8 | EPSS 0.00359
Exploits 0 | References 2
Tenable Nessus
added 2024/07/18 12:0 a.m. | 27 views

Atlassian Jira Service Management Data Center and Server < 5.4.18 / 5.5.x < 5.8.0 / 5.12.0 (JSDSERVER-15436)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15436 advisory. - XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote...

CVSS 8.2 | AI score 7.1 | EPSS 0.08689
Exploits 1 | References 2
Positive Technologies
added 2024/07/18 12:0 a.m. | 5 views

PT-2024-36773 · Unknown · Apinizer Management Console

Name of the Vulnerable Software and Affected Versions: Apinizer Management Console versions prior to 2024.05.1. Description: The issue is related to an Improper Restriction of XML External Entity Reference, which allows Data Serialization External Entities Blowup. Recommendations: For versions pri...

CVSS 6.5 | AI score 7.1 | EPSS 0.00359
Exploits 0 | References 4
Veracode
added 2024/07/16 7:18 a.m. | 12 views

Remote Code Execution (RCE)

torrentpier/torrentpier is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the unsafe handling of user-controlled data, specifically cookies, within the gettracks function in torrentpier/library/includes/functions.php, where unsafe usage of PHP's native serialization format...

CVSS 9.8 | AI score 8.1 | EPSS 0.00995
Exploits 0 | References 3 | Affected Software 1
NVD
added 2024/07/15 8:15 p.m. | 25 views

CVE-2024-40624

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In torrentpier/library/includes/functions.php, gettracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to...

CVSS 9.8 | EPSS 0.00995
Exploits 0 | References 3
Vulnrichment
added 2024/07/15 7:28 p.m. | 13 views

CVE-2024-40624 Deserialization of untrusted data in torrentpier/torrentpier

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In torrentpier/library/includes/functions.php, gettracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to...

CVSS 9.8 | AI score 7.6 | EPSS 0.00995
Exploits 0 | References 3
Cvelist
added 2024/07/15 7:28 p.m. | 32 views

CVE-2024-40624 Deserialization of untrusted data in torrentpier/torrentpier

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In torrentpier/library/includes/functions.php, gettracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to...

CVSS 9.8 | EPSS 0.00995
Exploits 0 | References 3
OSV
added 2024/07/15 5:48 p.m. | 9 views

GHSA-FG86-4C2R-7WXW TorrentPier Deserialization of Untrusted Data vulnerability

Summary: In torrentpier/library/includes/functions.php, gettracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies: https://github.com/torrentpier/torrentpier/blob/84f6c9f4a081d9ffff4c233098758280304bf50f/library/includes/functions.php#L41-L60 PoC: One can use...

CVSS 9.8 | AI score 6.1 | EPSS 0.00995
Exploits 0 | References 5