CVE-2024-3372
A vulnerability was found in MongoDB. A remote, unauthenticated attacker could trigger the flaw by providing an invalid BSON. This issue can cause the server to incorrectly serialize the file, impacting the availability and integrity...
The vulnerability of the check_for_locks() function in the fs/nfsd/nfs4state.c module of the Linux kernel-based NFS file system allows an attacker to trigger a service failure.
The vulnerability of the checkforlocks function in the fs/nfsd/nfs4state.c module of the Linux kernel-based Network File System server is related to improper checking of serialization. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
CVE-2024-3372
Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior t...
UBUNTU-CVE-2024-3372
Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior t...
CVE-2024-29212
Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine...
CVE-2024-3372
CVE-2024-3372 : MongoDB servers are affected by improper validation of certain metadata input that may cause the server to mis-serialize BSON. The issue can be exploited pre-authentication and may lead to unexpected application behavior, including unavailability of serverStatus responses. Affecte...
PT-2024-25457
Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 7.0.6 MongoDB Server versions prior to 6.0.14 MongoDB Server versions prior to 5.0.25 Description The issue is caused by improper validation of certain metadata input, which may result in the server not correct...
ROS-20240514-05
The vulnerability of the SnakeYAML library for serialization and deserialization of YAML documents is related to a buffer overflow on the stack. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial...
ROS-20240514-03
The vulnerability of SnakeYAML library for serialization and deserialization of YAML documents is related to recovery of an invalid data structure in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
CVE-2024-29212
CVE-2024-29212 affects Veeam Service Provider Console (VSPC). Multiple connected sources confirm an unsafe deserialization in VSPC server communications between the management agent and components, enabling Remote Code Execution (RCE) under certain conditions. Affected versions are reportedly VSP...
RHEL 6 : openjdk (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - OpenJDK: insufficient loader constraints checks for invokespecial Hotspot, 8180711 CVE-2017-10346 -...
RHEL 7 : xstream (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulati...
CVE-2023-39475
CVE-2023-39475 affects Inductive Automation Ignition through the ParameterVersionJavaSerializationCodec deserialization of untrusted data. The root cause is lack of validation of user-supplied data in this class, allowing a remote attacker to execute arbitrary code in the context of SYSTEM withou...
Inductive Automation Ignition Security Vulnerability
Inductive Automation Ignition is an integrated software platform for SCADA systems from Inductive Automation, USA. The platform supports SCADA (Supervisory Control and Data Acquisition) systems, HMI (Human Machine Interface) and more. A security vulnerability exists in Inductive Automation Ignition that stems...
PT-2025-40749
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s SCSI target handling of LUN RESET commands. The issue arises when multiple LUN RESET commands are received from different initiators, leading to a...
AZL-42792 CVE-2024-27322 affecting package R for versions less than 4.4.1-1
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted...
AZL-42815 CVE-2024-27322 affecting package R for versions less than 4.1.0-5
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted...
UBUNTU-CVE-2024-27322
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted...
New R Programming Vulnerability Exposes Projects to Supply Chain Attacks
A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE identifier CVE-2024-27322 (CVSS...