4273 matches found

CNVD
added 2020/03/31 12:0 a.m. · 3 views

USC iLab cereal buffer overflow vulnerability

USC iLab cereal is a C++ library for serialization. A security vulnerability exists in USC iLab cereal version 1.3.0 and earlier. An attacker can exploit the vulnerability to obtain sensitive information memory layout or private key...

5.3 CVSS · 6.6 AI score · 0.01534 EPSS
Exploits: 1
CNVD
added 2020/03/31 12:0 a.m. · 2 views

Unspecified Vulnerability in USC iLab cereal

USC iLab cereal is a C++ library for serialization. A security vulnerability exists in USC iLab cereal version 1.3.0 and earlier, which stems from the inability of a serialized 'std::shared_ptr' variable to be serialized back to its original value. No details of the vulnerability are provided at...

9.8 CVSS · 6.8 AI score · 0.01977 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2020/03/31 12:0 a.m. · 8 views

PT-2020-10891 · Mongodb · Js-Bson

Name of the Vulnerable Software and Affected Versions: js-bson library version 1.1.3 and prior Description: The issue is caused by incorrect parsing of certain JSON input, which may result in js-bson not correctly serializing BSON. This can cause unexpected application behavior, including data...

5.5 CVSS · 5.1 AI score · 0.00906 EPSS
Exploits: 0 · References: 11
NVD
added 2020/03/30 10:15 p.m. · 26 views

CVE-2020-11104

An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an initialized C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information such as memory layout or private keys can be gleaned if...

5.3 CVSS · 5.2 AI score · 0.01534 EPSS
Exploits: 1 · References: 1
NVD
added 2020/03/30 10:15 p.m. · 16 views

CVE-2020-11105

An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same...

9.8 CVSS · 9.4 AI score · 0.01977 EPSS
Exploits: 1 · References: 1
OSV
added 2020/03/30 10:15 p.m. · 12 views

CVE-2020-11105

An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same...

9.8 CVSS · 6.8 AI score
Exploits: 0 · References: 1
Prion
added 2020/03/30 10:15 p.m. · 11 views

Stack overflow

An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an initialized C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information such as memory layout or private keys can be gleaned if...

5 CVSS · 5.2 AI score · 0.01534 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
AlpineLinux
added 2020/03/30 10:15 p.m. · 16 views

CVE-2020-11104

An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an initialized C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information such as memory layout or private keys can be gleaned if...

5.3 CVSS · 1.3 AI score · 0.01534 EPSS
Exploits: 1
Prion
added 2020/03/30 10:15 p.m. · 14 views

Design/Logic Flaw

An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same...

7.5 CVSS · 9.3 AI score · 0.01977 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
AlpineLinux
added 2020/03/30 10:15 p.m. · 21 views

CVE-2020-11105

An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same...

9.8 CVSS · 1.3 AI score · 0.01977 EPSS
Exploits: 1
Cvelist
added 2020/03/30 9:30 p.m. · 12 views

CVE-2020-11104

An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an initialized C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information such as memory layout or private keys can be gleaned if...

5.2 AI score · 0.01534 EPSS
Exploits: 1 · References: 1
CVE
added 2020/03/30 9:30 p.m. · 69 views

CVE-2020-11104

CVE-2020-11104 affects USC iLab cereal up to version 1.3.0. Its serialization of an initialized long double into BinaryArchive/PortableBinaryArchive leaks several bytes of stack/heap memory, enabling leakage of sensitive information (memory layout or private keys) if the archive is distributed in...

5.3 CVSS · 5.1 AI score · 0.01534 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2020/03/30 9:30 p.m. · 73 views

CVE-2020-11105

CVE-2020-11105 affects USC iLab cereal up to version 1.3.0, where serialization fidelity of std::shared_ptrs can be broken because the library caches shared_ptr raw addresses as identifiers. When a shared_ptr goes out of scope and a new one is allocated at the same address, serialized values may ...

9.8 CVSS · 9.3 AI score · 0.01977 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2020/03/30 9:30 p.m. · 13 views

CVE-2020-11105

An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same...

9.4 AI score · 0.01977 EPSS
Exploits: 1 · References: 1
OSV
added 2020/03/30 7:15 p.m. · 3 views

DEBIAN-CVE-2020-7610

All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type...

9.8 CVSS · 6.9 AI score · 0.02164 EPSS
Exploits: 0 · References: 1
NVD
added 2020/03/30 7:15 p.m. · 11 views

CVE-2020-7610

All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type...

9.8 CVSS · 9.5 AI score · 0.02164 EPSS
Exploits: 0 · References: 1
Prion
added 2020/03/30 7:15 p.m. · 15 views

Deserialization of untrusted data

All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type...

7.5 CVSS · 9.3 AI score · 0.02164 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
GitLab Advisory Database
added 2020/03/30 12:0 a.m. · 17 views

Release of Invalid Pointer or Reference

An issue was discovered in USC iLab cereal. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if a std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same address...

9.8 CVSS · 1.6 AI score · 0.01977 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Fedora
added 2020/03/29 12:16 a.m. · 31 views

[SECURITY] Fedora 32 Update: PyYAML-5.3.1-1.fc32

YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...

10 CVSS · 1.7 AI score · 0.05299 EPSS
Exploits: 1
OpenVAS
added 2020/03/29 12:0 a.m. · 30 views

Fedora: Security Advisory for PyYAML (FEDORA-2020-e9741a6a15)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

10 CVSS · 9.8 AI score · 0.05299 EPSS
Exploits: 1 · References: 2