4273 matches found
USC iLab cereal buffer overflow vulnerability
USC iLab cereal is a C++ library for serialization. A security vulnerability exists in USC iLab cereal version 1.3.0 and earlier. An attacker can exploit the vulnerability to obtain sensitive information memory layout or private key...
Unspecified Vulnerability in USC iLab cereal
USC iLab cereal is a C++ library for serialization. A security vulnerability exists in USC iLab cereal version 1.3.0 and earlier, which stems from the inability of a serialized 'std::sharedptr' variable to be serialized back to its original value. No details of the vulnerability are provided at...
PT-2020-10891 · Mongodb · Js-Bson
Name of the Vulnerable Software and Affected Versions: js-bson library version 1.1.3 and prior Description: The issue is caused by incorrect parsing of certain JSON input, which may result in js-bson not correctly serializing BSON. This can cause unexpected application behavior, including data...
CVE-2020-11104
An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an initialized C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information such as memory layout or private keys can be gleaned if...
CVE-2020-11105
An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::sharedptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::sharedptr variable goes out of scope and is freed, and a new std::sharedptr is allocated at the same...
CVE-2020-11105
An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::sharedptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::sharedptr variable goes out of scope and is freed, and a new std::sharedptr is allocated at the same...
Stack overflow
An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an initialized C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information such as memory layout or private keys can be gleaned if...
CVE-2020-11104
An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an initialized C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information such as memory layout or private keys can be gleaned if...
Design/Logic Flaw
An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::sharedptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::sharedptr variable goes out of scope and is freed, and a new std::sharedptr is allocated at the same...
CVE-2020-11105
An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::sharedptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::sharedptr variable goes out of scope and is freed, and a new std::sharedptr is allocated at the same...
CVE-2020-11104
An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an initialized C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information such as memory layout or private keys can be gleaned if...
CVE-2020-11104
CVE-2020-11104 affects USC iLab cereal up to version 1.3.0. Its serialization of an initialized long double into BinaryArchive/PortableBinaryArchive leaks several bytes of stack/heap memory, enabling leakage of sensitive information (memory layout or private keys) if the archive is distributed in...
CVE-2020-11105
CVE-2020-11105 affects USC iLab cereal up to version 1.3.0, where serialization fidelity of std::shared_ptrs can be broken because the library caches shared_ptr raw addresses as identifiers. When a shared_ptr goes out of scope and a new one is allocated at the same address, serialized values may ...
CVE-2020-11105
An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::sharedptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::sharedptr variable goes out of scope and is freed, and a new std::sharedptr is allocated at the same...
DEBIAN-CVE-2020-7610
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type...
CVE-2020-7610
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type...
Deserialization of untrusted data
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type...
Release of Invalid Pointer or Reference
An issue was discovered in USC iLab cereal. It employs caching of std::sharedptr values, using the raw pointer address as a unique identifier. This becomes problematic if a std::sharedptr variable goes out of scope and is freed, and a new std::sharedptr is allocated at the same address...
[SECURITY] Fedora 32 Update: PyYAML-5.3.1-1.fc32
YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...
Fedora: Security Advisory for PyYAML (FEDORA-2020-e9741a6a15)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...