
4278 matches found

CVE
added 2024/04/11 12:0 a.m. · 70 views

CVE-2024-29452

CVE-2024-29452 relates to ROS2 Humble Hawksbill, with insecure deserialization vulnerabilities in ROS2 Humble Hawksbill versions 2 and 3. The issue enables an attacker to execute arbitrary code and obtain sensitive information via crafted input affecting the Data Serialization and Deserialization...

6.7 AI score
Exploits: 0

CVE
added 2024/04/10 12:0 a.m. · 7487 views

CVE-2024-30736

CVE-2024-30736 entry is rejected/not used; withdrawn by CNA with no vulnerability evidence.

6.7 AI score
Exploits: 0

CVE
added 2024/04/10 12:0 a.m. · 6966 views

CVE-2024-30719

CVE-2024-30719 is rejected; this candidate is not used and does not reflect an active vulnerability entry.

6.7 AI score
Exploits: 0

CVE
added 2024/04/09 6:59 p.m. · 74 views

CVE-2024-2501

CVE-2024-2501 affects Hubbub Lite (WordPress plugin) up to version 1.33.1 and enables PHP Object Injection via deserialization in the dpsp_maybe_unserialize function. Authenticated attackers with Contributor+ privileges can inject a PHP object; if a POP chain exists via another plugin/theme, this...

7.5 CVSS · 9.3 AI score · 0.00921 EPSS
Exploits: 0 · References: 4

Atlassian
added 2024/04/09 1:53 a.m. · 43 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

8.8 CVSS · 7 AI score · 0.10379 EPSS
Exploits: 1

Atlassian
added 2024/04/09 1:52 a.m. · 43 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

8.8 CVSS · 7 AI score · 0.20929 EPSS
Exploits: 2

Atlassian
added 2024/04/09 1:51 a.m. · 53 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

8.1 CVSS · 7 AI score · 0.12504 EPSS
Exploits: 0

Atlassian
added 2024/04/09 1:50 a.m. · 35 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...

8.8 CVSS · 6.5 AI score · 0.03473 EPSS
Exploits: 0

Atlassian
added 2024/04/09 1:50 a.m. · 51 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...

8.8 CVSS · 6.5 AI score · 0.02959 EPSS
Exploits: 0

CVE
added 2024/04/09 12:0 a.m. · 6794 views

CVE-2024-30704

CVE-2024-30704 entry is rejected/not used and does not represent an active vulnerability entry.

6.7 AI score
Exploits: 0

CVE
added 2024/04/09 12:0 a.m. · 7815 views

CVE-2024-30687

CVE-2024-30687 has been withdrawn; multiple sources (NVD, CNNVD, CVE List) state: “DO NOT USE THIS CANDIDATE NUMBER. This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability.” Consequently, there is ...

6.7 AI score
Exploits: 0

Positive Technologies
added 2024/04/08 12:0 a.m. · 5 views

PT-2024-23568 · Ros2 · Ros2

Name of the Vulnerable Software and Affected Versions: ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3 Description: An insecure deserialization issue allows attackers to execute arbitrary code via a crafted input to the Data Serialization and Deserialization Components,...

8 AI score
Exploits: 0 · References: 3

OSV
added 2024/04/03 5:15 p.m. · 2 views

UBUNTU-CVE-2024-26759

In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix race when skipping swapcache. When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swapin the same entry at the same time, they get different pages (A, B). Before one thread T0 finishes the swapin and...

5.5 CVSS · 6.3 AI score · 0.00252 EPSS
Exploits: 0 · References: 7

Vulnrichment
added 2024/04/02 12:0 a.m. · 16 views

CVE-2024-27604

Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be deserialized...

7.3 AI score · 0.01038 EPSS
Exploits: 0 · References: 1

RedHat Linux
added 2024/03/18 9:47 a.m. · 2 views

logback: A serialization vulnerability in logback receiver

A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption 'Resource Exhaustion' via the logback receiver component. This flaw allows an attacker to mount a denial-of-service attack by sending poisoned data...

7.5 CVSS · 7.1 AI score · 0.00682 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2024/03/18 9:47 a.m. · 1 views

xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks

A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization...

7.5 CVSS · 7.3 AI score · 0.01022 EPSS
Exploits: 1 · References: 4

Cvelist
added 2024/03/13 3:27 p.m. · 20 views

CVE-2024-1951 Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid <= 1.3.8 - Authenticated(Contributor+) PHP Object Injection

The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization via shortcode of untrusted input. This makes it possible for authenticated attackers, with contributor...

7.5 CVSS · 7.8 AI score · 0.01021 EPSS
Exploits: 0 · References: 4

IBM Security Bulletins
added 2024/03/12 5:9 p.m. · 11 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to Java SE (CVE-2023-21830, CVE-2023-21843)

Summary: IBM Sterling Partner Engagement Manager uses Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow a remote...

5.3 CVSS · 5.2 AI score · 0.01357 EPSS
Exploits: 0 · Affected Software: 1

Ubuntu
added 2024/03/12 3:54 p.m. · 48 views

USN-6692-1: Gson vulnerability

It was discovered that Gson incorrectly handled deserialization of untrusted input data. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service...

7.7 CVSS · 8 AI score · 0.1158 EPSS
Exploits: 0

Positive Technologies
added 2024/03/12 12:0 a.m. · 14 views

PT-2024-2060 · Amd +7 · Amd Cpus +7

Name of the Vulnerable Software and Affected Versions: Modern CPU architectures supporting speculative execution affected versions not specified Description: A Speculative Race Condition (SRC) vulnerability, known as GhostRace, has been disclosed. This vulnerability impacts modern CPU architectures...

7.5 CVSS · 7.2 AI score · 0.17444 EPSS
Exploits: 0 · References: 147