Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization
In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when vulnerable third-party classes are present in the Ignite classpath. The vulnerability can be exploited if the one...
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization. De-serializing untrusted data can lead to security flaws...
What is PHP Object Injection
PHP Serialization Recap: PHP provides a mechanism for storing and loading data with PHP types across multiple HTTP requests. This mechanism boils down to two functions: serialize and unserialize. This may sound complicated, but let's look at the following easy example: A PHP object being serialized ...
[SECURITY] Fedora 29 Update: python-marshmallow-2.11.1-8.fc29
Marshmallow is a framework-agnostic library for converting complex datatypes, such as objects, to and from primitive Python datatypes. Marshmallow schemas can be used to: Validate input data. Deserialize input data to app-level objects. Serialize app-level objects to primitive Python types. The...
ZOHO ManageEngine Applications Manager Serialization Vulnerability
ZOHO ManageEngine Applications Manager is a set of IT operation and maintenance management solutions from the United States company ZOHO (ZhuoHao). The product provides application performance management, fault management, report generation, SLA management and other functions. A serialization...
CVE-2018-16364
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share...
Remote code execution
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share...
CVE-2018-16364
Zoho ManageEngine Applications Manager is affected by a serialization vulnerability that enables remote code execution on Windows when handling a payload on an SMB share. The flaw exists in builds prior to 13740. The vulnerability is exploitable over the network and does not require user interact...
EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1235)
According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability: In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a deni...
Google Chrome IPC Pointer Information Disclosure Vulnerability
Google Chrome is a web browser developed by Google, and IPC is one of the inter-process communication components. A security vulnerability exists in IPC in versions of Google Chrome prior to 63.0.3239.84, which stems from an incorrect serialization operation performed by the program. The...
CVE-2017-15415
Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page...
Design/Logic Flaw
Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page...
CVE-2017-15415
Google Chrome IPC Pointer Information Disclosure vulnerability (CVE-2017-15415) stems from incorrect serialization in the IPC component, allowing a remote attacker to leak a pointer value via a crafted HTML page on affected builds prior to 63.0.3239.84. Public descriptions in CNVD-2018-22403 corr...
CVE-2017-15415
Removed by vendor...
CVE-2018-1000224
Godot Engine, all versions prior to 2.1.5 and all 3.0 versions prior to 3.0.6, contains a signed/unsigned comparison, wrong buffer size checks, integer overflow, missing padding initialization vulnerability in DeSerialization functions (core/io/marshalls.cpp) that can result in DoS packet of...