4277 matches found

Github Security Blog
added 2024/07/15 5:48 p.m.

TorrentPier Deserialization of Untrusted Data vulnerability

Summary: In torrentpier/library/includes/functions.php, get_tracks() uses the unsafe native PHP serialization format to deserialize user-controlled cookies: https://github.com/torrentpier/torrentpier/blob/84f6c9f4a081d9ffff4c233098758280304bf50f/library/includes/functions.php#L41-L60 PoC: One can use...

CVSS 9.8 | AI score 6.1 | EPSS 0.00995
Exploits 0 | References 5 | Affected Software 1
OSV
added 2024/07/15 5:48 p.m.

GHSA-FG86-4C2R-7WXW TorrentPier Deserialization of Untrusted Data vulnerability

Summary: In torrentpier/library/includes/functions.php, get_tracks() uses the unsafe native PHP serialization format to deserialize user-controlled cookies: https://github.com/torrentpier/torrentpier/blob/84f6c9f4a081d9ffff4c233098758280304bf50f/library/includes/functions.php#L41-L60 PoC: One can use...

CVSS 9.8 | AI score 6.1 | EPSS 0.00995
Exploits 0 | References 5
IBM Security Bulletins
added 2024/07/12 5:02 a.m.

Security Bulletin: CVE-2023-6378

Summary: A serialization vulnerability in the logback receiver component, part of logback version 1.4.11, allows an attacker to mount a denial-of-service attack by sending poisoned data. Vulnerability Details: CVEID: CVE-2023-6378 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caus...

CVSS 7.5 | AI score 7 | EPSS 0.009
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/07/12 5:01 a.m.

Security Bulletin: CVE-2023-6481

Summary: A serialization vulnerability in the logback receiver component, part of logback versions 1.4.13, 1.3.13 and 1.2.12, allows an attacker to mount a denial-of-service attack by sending poisoned data. Vulnerability Details: CVEID: CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a deni...

CVSS 7.5 | AI score 6.8 | EPSS 0.00682
Exploits 0 | Affected Software 1
OSV
added 2024/07/01 5:15 p.m.

CVE-2024-36984

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code...

CVSS 8.8 | AI score 6 | EPSS 0.01412
Exploits 0 | References 2
OSSF Malicious Packages
added 2024/06/26 1:35 p.m.

Malicious code in @wdp-gov/catalog-serialization-engine (npm)

Source: ghsa-malware fff02ca904ee412fdcab9847e7f29ea41e117e4248526d1712ff730ce59acb6d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits 0 | References 1
OSV
added 2024/06/26 1:35 p.m.

MAL-2024-1668 Malicious code in @wdp-gov/catalog-serialization-engine (npm)

Source: ghsa-malware fff02ca904ee412fdcab9847e7f29ea41e117e4248526d1712ff730ce59acb6d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 | References 1
OSSF Malicious Packages
added 2024/06/25 1:48 p.m.

Malicious code in array-xml-serialization (RubyGems)

...

AI score 7
Exploits 0 | References 1
OSV
added 2024/06/25 1:48 p.m.

MAL-2024-6685 Malicious code in array-xml-serialization (RubyGems)

...

AI score 7.1
Exploits 0 | References 1
SUSE CVE
added 2024/06/21 3:52 a.m.

SUSE CVE-2021-47587

In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, and the locking mechanism used today only protects concurrency across a given transmit queue...

CVSS 5.5 | AI score 6.5 | EPSS 0.00182
Exploits 0 | References 11
RedhatCVE
added 2024/06/20 11:27 a.m.

CVE-2021-47587

In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, and the locking mechanism used today only protects concurrency across a given transmit queue...

CVSS 5.6 | AI score 8.8 | EPSS 0.00182
Exploits 0 | References 4
NVD
added 2024/06/19 3:15 p.m.

CVE-2021-47587

In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, and the locking mechanism used today only protects concurrency across a given transmit queue...

CVSS 5.5 | EPSS 0.00182
Exploits 0 | References 8
Vulnrichment
added 2024/06/19 2:53 p.m.

CVE-2021-47587 net: systemport: Add global locking for descriptor lifecycle

In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, and the locking mechanism used today only protects concurrency across a given transmit queue...

AI score 6.9 | EPSS 0.00182
Exploits 0 | References 8
Amazon
added 2024/06/14 12:00 a.m.

Important: R

Issue Overview: Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's system...

CVSS 8.8 | AI score 7.4 | EPSS 0.23618
Exploits 0
The Hacker News
added 2024/06/13 2:08 p.m.

New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models

The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and distribute machine...

AI score 7.5
Exploits 0
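The Sleepy Pickle entry above rests on one property of the format: a pickle stream can name any importable callable and the unpickler will call it with attacker-chosen arguments during load. The following is an added example, not code from the original page, from Trail of Bits, or from any ML framework. It builds constructed sample pickles (a benign OrderedDict-style state dict, a payload whose `__reduce__` names `os.system`, and a harmless beacon naming `os.getpid`), lists the globals a stream references without loading it, and then loads only through an `Unpickler` whose `find_class` enforces an allow-list. The allow-list contents, the helper names and the sample payloads are assumptions of the example.

```python
"""Allow-listed pickle loading plus a static scan of referenced globals."""
import io
import os
import pickle
import pickletools
from collections import OrderedDict

# --- Constructed sample inputs (not real model files) -----------------------
# A benign "model" the way frameworks commonly pickle one: an OrderedDict
# state dict wrapped in metadata.
BENIGN = pickle.dumps(
    {"name": "toy", "state": OrderedDict(w=[0.1, 0.2])}, protocol=4)


class _Payload:
    """Whatever __reduce__ returns, the unpickler calls: here os.system."""
    def __reduce__(self):
        return (os.system, ("echo pwned",))


class _Beacon:
    """Harmless variant that proves a callable really runs on load."""
    def __reduce__(self):
        return (os.getpid, ())


MALICIOUS = pickle.dumps(_Payload(), protocol=4)   # never fed to pickle.loads
BEACON = pickle.dumps(_Beacon(), protocol=4)
# os.system is a builtin of the 'posix' (or 'nt') module; that is the name the
# stream carries, so that is what the scanner must report.
MALICIOUS_GLOBAL = (os.system.__module__, "system")

_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
               "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def list_globals(data: bytes) -> set:
    """Return every (module, name) the stream would import, without loading it.

    GLOBAL carries "module name" as one argument; STACK_GLOBAL (protocol 4+)
    consumes the two most recently pushed strings. This is triage only: a
    stream that fetches those strings back from the memo instead of pushing
    them is not resolved here, so the allow-list below remains the control.
    """
    found, recent = set(), []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in _STRING_OPS:
            recent.append(arg)
        elif op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.add((module, name))
        elif op.name == "STACK_GLOBAL":
            if len(recent) < 2:
                raise ValueError("STACK_GLOBAL without two preceding strings")
            found.add((recent[-2], recent[-1]))
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only allow-listed globals; refuse everything else before it runs."""
    ALLOWED = {("collections", "OrderedDict")}   # assumed: extend per format

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def safe_load(data: bytes):
    """Load a pickle with the allow-list enforced at every global reference."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_safe(data: bytes) -> bool:
    """True if the stream loads under the allow-list, False if it was refused."""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return False
    return True


def unsafe_load_runs_callable() -> bool:
    """Plain pickle.loads executes the referenced callable: the beacon's
    result is our own pid, so os.getpid() ran during load."""
    return pickle.loads(BEACON) == os.getpid()


if __name__ == "__main__":
    print("benign globals   :", list_globals(BENIGN))
    print("malicious globals:", list_globals(MALICIOUS))
    print("benign loads     :", safe_load(BENIGN)["name"])
    print("malicious refused:", not is_safe(MALICIOUS))
    print("pickle.loads ran beacon:", unsafe_load_runs_callable())
```

The scan and the allow-list serve different purposes: `list_globals` is a cheap pre-check you can run on a downloaded artefact before deciding to open it, while `RestrictedUnpickler.find_class` is the actual boundary, because it is consulted for every global the stream resolves regardless of how the name reached the stack.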
Vulnrichment
added 2024/06/13 8:31 a.m.

CVE-2024-4371 CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Unauthenticated PHP Object Injection

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recentlyviewedproducts cookie. This makes it...

CVSS 9 | AI score 7.4 | EPSS 0.00675
Exploits 0 | References 2
WPVulnDB
added 2024/06/12 12:00 a.m.

CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More < 4.5 - Unauthenticated PHP Object Injection

Description: The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recentlyviewedproducts cookie. Thi...

CVSS 9.8 | AI score 7.3 | EPSS 0.00675
Exploits 0 | References 1 | Affected Software 1
NVD
added 2024/06/06 7:16 p.m.

CVE-2024-5480

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits 0
OSV
added 2024/06/06 7:16 p.m.

CVE-2024-5480

A vulnerability in PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call)...

AI score 8.1
Exploits 0 | References 2
Github Security Blog
added 2024/06/06 6:30 p.m.

Remote code execution in pytorch lightning

A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

CVSS 9.8 | AI score 9.8 | EPSS 0.26488
Exploits 3 | References 6 | Affected Software 1