4278 matches found

RedhatCVE
added 2024/05/15 4:54 p.m. | 140 views

CVE-2024-3372

A vulnerability was found in MongoDB. A remote, unauthenticated attacker could trigger the flaw by providing an invalid BSON. This issue can cause the server to incorrectly serialize the file, impacting the availability and integrity...

7.5 CVSS | 6.9 AI score | 0.00554 EPSS
Exploits 0 | References 4
BDU FSTEC
added 2024/05/15 12:0 a.m. | 5 views

The vulnerability of the check_for_locks() function in the fs/nfsd/nfs4state.c module of the Linux kernel-based NFS file system allows an attacker to trigger a service failure.

The vulnerability of the check_for_locks() function in the fs/nfsd/nfs4state.c module of the Linux kernel-based Network File System server is related to improper checking of serialization. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

5.9 CVSS | 6.5 AI score | 0.00195 EPSS
Exploits 0 | References 38 | Affected Software 2
NVD
added 2024/05/14 4:17 p.m. | 29 views

CVE-2024-3372

Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior t...

7.5 CVSS | 7.5 AI score | 0.00554 EPSS
Exploits 0 | References 1
OSV
added 2024/05/14 4:17 p.m. | 15 views

CVE-2024-3372

Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior t...

7.5 CVSS | 7.7 AI score
Exploits 0 | References 1
OSV
added 2024/05/14 4:17 p.m. | 0 views

UBUNTU-CVE-2024-3372

Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior t...

7.5 CVSS | 7.2 AI score | 0.00554 EPSS
Exploits 0 | References 3
NVD
added 2024/05/14 3:15 p.m. | 18 views

CVE-2024-29212

Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine...

9.9 CVSS | 9.8 AI score | 0.01551 EPSS
Exploits 0 | References 1
CVE
added 2024/05/14 1:24 p.m. | 101 views

CVE-2024-3372

CVE-2024-3372 : MongoDB servers are affected by improper validation of certain metadata input that may cause the server to mis-serialize BSON. The issue can be exploited pre-authentication and may lead to unexpected application behavior, including unavailability of serverStatus responses. Affecte...

7.5 CVSS | 6.5 AI score | 0.00554 EPSS
Exploits 0 | References 1 | Affected Software 1
Positive Technologies
added 2024/05/14 12:0 a.m. | 4 views

PT-2024-25457

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 7.0.6; MongoDB Server versions prior to 6.0.14; MongoDB Server versions prior to 5.0.25. Description: The issue is caused by improper validation of certain metadata input, which may result in the server not correct...

9.8 CVSS | 7.2 AI score | 0.00554 EPSS
Exploits 0 | References 14
Redos
added 2024/05/14 12:0 a.m. | 44 views

ROS-20240514-05

Vulnerability of SnakeYAML library for serialization and deserialization of YAML documents is related to a buffer overflow on the stack. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

6.5 CVSS | 7.2 AI score | 0.01476 EPSS
Exploits 1
Redos
added 2024/05/14 12:0 a.m. | 25 views

ROS-20240514-03

The vulnerability of SnakeYAML library for serialization and deserialization of YAML documents is related to recovery of an invalid data structure in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

9.8 CVSS | 8.1 AI score | 0.99615 EPSS
Exploits 7
CVE
added 2024/05/13 1:7 a.m. | 126 views

CVE-2024-29212

CVE-2024-29212 affects Veeam Service Provider Console (VSPC). Multiple connected sources confirm an unsafe deserialization in VSPC server communications between the management agent and components, enabling Remote Code Execution (RCE) under certain conditions. Affected versions are reportedly VSP...

9.9 CVSS | 7.4 AI score | 0.01551 EPSS
Exploits 0 | References 1 | Affected Software 1
Tenable Nessus
added 2024/05/11 12:0 a.m. | 28 views

RHEL 6 : openjdk (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - OpenJDK: insufficient loader constraints checks for invokespecial Hotspot, 8180711 CVE-2017-10346 -...

9.4 AI score | 0.17673 EPSS
Exploits 7 | References 95
Tenable Nessus
added 2024/05/11 12:0 a.m. | 27 views

RHEL 7 : xstream (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulati...

9.2 AI score | 0.82392 EPSS
Exploits 14 | References 10
CVE
added 2024/05/03 2:10 a.m. | 59 views

CVE-2023-39475

CVE-2023-39475 affects Inductive Automation Ignition through the ParameterVersionJavaSerializationCodec deserialization of untrusted data. The root cause is lack of validation of user-supplied data in this class, allowing a remote attacker to execute arbitrary code in the context of SYSTEM withou...

9.8 CVSS | 9.8 AI score | 0.03147 EPSS
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2024/05/03 12:0 a.m. | 3 views

Inductive Automation Ignition security vulnerability

Inductive Automation Ignition is an integrated software platform for SCADA systems from Inductive Automation, USA. The platform supports SCADA Data Acquisition and Monitoring Systems, HMI (Human Machine Interface) and more. A security vulnerability exists in Inductive Automation Ignition that stems...

9.8 CVSS | 9.8 AI score | 0.03147 EPSS
Exploits 0 | References 2
Positive Technologies
added 2024/04/30 12:0 a.m. | 2 views

PT-2025-40749

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified. Description: A flaw exists in the Linux kernel’s SCSI target handling of LUN RESET commands. The issue arises when multiple LUN RESET commands are received from different initiators, leading to a...

4.7 CVSS | 7.2 AI score | 0.00147 EPSS
Exploits 0 | References 21
OSV
added 2024/04/29 1:15 p.m. | 7 views

AZL-42792 CVE-2024-27322 affecting package R for versions less than 4.4.1-1

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted...

8.8 CVSS | 7.3 AI score | 0.23618 EPSS
Exploits 0 | References 1
OSV
added 2024/04/29 1:15 p.m. | 6 views

AZL-42815 CVE-2024-27322 affecting package R for versions less than 4.1.0-5

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted...

8.8 CVSS | 7.3 AI score | 0.23618 EPSS
Exploits 0 | References 1
OSV
added 2024/04/29 1:15 p.m. | 2 views

UBUNTU-CVE-2024-27322

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted...

8.8 CVSS | 7.3 AI score | 0.23618 EPSS
Exploits 0 | References 12
The Hacker News
added 2024/04/29 10:50 a.m. | 19 views

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE identifier CVE-2024-27322 CVSS...

8.8 CVSS | 8.4 AI score | 0.23618 EPSS
Exploits 0