Lucene search

4277 matches found

CVE
added 2024/06/06 6:17 p.m. · 97 views

CVE-2024-5480

CVE-2024-5480 is a valid vulnerability describing a remote code execution in PyTorch’s torch.distributed.rpc framework prior to version 2.2.2. Red Hat’s entry details an RCE arising when a worker serializes and sends a PythonUDF to the master and the master deserializes/executes it without proper...

AI score: 8.6
Exploits: 0
SUSE CVE
added 2024/06/04 12:19 p.m. · 5 views

SUSE CVE-2024-27322

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end user's system when interacted...

CVSS: 8.8 · AI score: 8.3 · EPSS: 0.23618
Exploits: 0 · References: 3
Tenable Nessus
added 2024/06/03 12:0 a.m. · 32 views

RHEL 5 : java-1.4.2-ibm (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - OpenJDK: InetSocketAddress serialization issue Networking, 7201071 CVE-2013-0433 - Oracle JDK 7: bypass o...

CVSS: 10 · AI score: 7.5 · EPSS: 0.89987
Exploits: 10 · References: 35
Tenable Nessus
added 2024/06/03 12:0 a.m. · 31 views

RHEL 8 : opendaylight (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jackson-databind: Serialization gadgets in classes of the ehcache package CVE-2019-17267 - A flaw was...

CVSS: 9.8 · AI score: 8.9 · EPSS: 0.17611
Exploits: 1 · References: 9
Tenable Nessus
added 2024/06/03 12:0 a.m. · 11 views

RHEL 6 : java-1.6.0-ibm (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - OpenJDK: insufficient loader constraints checks for invokespecial Hotspot, 8180711 CVE-2017-10346 -...

CVSS: 9.6 · AI score: 5.6 · EPSS: 0.16181
Exploits: 4 · References: 43
Positive Technologies
added 2024/06/02 12:0 a.m. · 4 views

PT-2025-2844 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to insufficient input validation in a component of the Android operating system framework. This could allow an attacker to elevate their privileges. There have been...

CVSS: 8.5 · AI score: 6.6
Exploits: 0 · References: 6
BDU FSTEC
added 2024/05/28 12:0 a.m. · 4 views

The vulnerability of the reqsk_queue_alloc() function in the Linux kernel-based TCP protocol implementation allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the reqsk_queue_alloc function in the net/core/request_sock.c module of the Linux kernel’s TCP protocol implementation is related to deficiencies in the serialization mechanism, leading to competitive access to resources. Exploiting this vulnerability could allow a remote attack...

CVSS: 10 · AI score: 6.5 · EPSS: 0.00173
Exploits: 0 · References: 22 · Affected Software: 3
BDU FSTEC
added 2024/05/27 12:0 a.m. · 3 views

The vulnerability of the pcie_aspm_pm_state_change() function in Qualcomm’s Linux-based PCIe device drivers allows a hacker to cause a service failure.

The vulnerability of the pcie_aspm_pm_state_change function in Qualcomm’s PCIe device drivers for Linux operating systems is related to incorrect resource serialization. Exploiting this vulnerability can allow attackers to cause service failures...

CVSS: 5.5 · AI score: 6.6 · EPSS: 0.00208
Exploits: 0 · References: 16 · Affected Software: 2
OpenVAS
added 2024/05/27 12:0 a.m. · 9 views

Fedora: Security Advisory for python-cbor2 (FEDORA-2024-0c9aaeb447)

The remote host is missing an update for the...

CVSS: 7.5 · AI score: 7.5 · EPSS: 0.01167
Exploits: 1 · References: 2
Gitee
added 2024/05/24 3:43 p.m. · 66 views

Poc

This repository contains a collection of proof-of-concept (PoC) exploits and tools for various vulnerabilities. The primary focus is on Java-based exploits, with some Python scripts also present. The Java exploits target vulnerabilities in Java applications, including a deserialization vulnerabilit...

AI score: 7.6
Exploits: 0
Redos
added 2024/05/24 12:0 a.m. · 34 views

ROS-20240424-01

A vulnerability in the ImageIO component of Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability ...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.14839
Exploits: 0
RedHat Linux
added 2024/05/23 10:45 p.m. · 6 views

logback: serialization vulnerability in logback receiver

A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receiver component. By sending specially crafted poisoned data, a remote attacker can cause a denial of service condition...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.009
Exploits: 0 · References: 4
RedHat Linux
added 2024/05/23 10:45 p.m. · 6 views

logback: A serialization vulnerability in logback receiver

A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption 'Resource Exhaustion' via the logback receiver component. This flaw allows an attacker to mount a denial-of-service attack by sending poisoned data...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.00682
Exploits: 0 · References: 4
CVE
added 2024/05/21 3:4 p.m. · 142 views

CVE-2021-47408

CVE-2021-47408 affects the Linux kernel netfilter conntrack code. The issue arises when the conntrack hash table resizes or during cleanup, causing nf_ct_iterate_cleanup to restart after a resize and delaying net_namespace teardown. The available connected documents state that adding a mutex to s...

CVSS: 5.5 · AI score: 6.6 · EPSS: 0.00253
Exploits: 0 · References: 3 · Affected Software: 1
RedHat Linux
added 2024/05/21 2:18 p.m. · 3 views

logback: serialization vulnerability in logback receiver

A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receiver component. By sending specially crafted poisoned data, a remote attacker can cause a denial of service condition...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.009
Exploits: 0 · References: 4
RedHat Linux
added 2024/05/21 2:18 p.m. · 4 views

logback: A serialization vulnerability in logback receiver

A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption 'Resource Exhaustion' via the logback receiver component. This flaw allows an attacker to mount a denial-of-service attack by sending poisoned data...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.00682
Exploits: 0 · References: 4
Redos
added 2024/05/21 12:0 a.m. · 33 views

ROS-20240521-05

A vulnerability in the Hotspot component of the Oracle Java SE software platform and Oracle GraalVM Virtual Machine Enterprise Edition exists due to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to disclose protected information. A vulnerability in...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.17673
Exploits: 3
Redos
added 2024/05/21 12:0 a.m. · 12 views

ROS-20240521-11

A vulnerability in the JSSE component of the Oracle Java SE software platform and Oracle GraalVM virtual machine Enterprise Edition is related to the lack of message integrity checking. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information or...

CVSS: 7.4 · AI score: 7.4 · EPSS: 0.02474
Exploits: 1
Github Security Blog
added 2024/05/15 10:15 p.m. · 24 views

Laravel Cookie serialization vulnerability

Laravel 5.6.30 is a security release of Laravel and is recommended as an immediate upgrade for all users. Laravel 5.6.30 also contains a breaking change to cookie encryption and serialization logic. Refer to laravel advisory for more details and read the notes carefully when upgrading your...

AI score: 7.1
Exploits: 0 · References: 3 · Affected Software: 1
RedhatCVE
added 2024/05/15 4:54 p.m. · 140 views

CVE-2024-3372

A vulnerability was found in MongoDB. A remote, unauthenticated attacker could trigger the flaw by providing an invalid BSON. This issue can cause the server to incorrectly serialize the file, impacting the availability and integrity...

CVSS: 7.5 · AI score: 6.9 · EPSS: 0.00554
Exploits: 0 · References: 4