Lucene search
4264 matches found

CNNVD
added 2025/02/14 12:0 a.m., 4 views

Apache Ignite Security Vulnerability

Apache Ignite is a high-performance, integrated and distributed in-memory computing and transaction management platform for large-scale dataset processing from the Apache Foundation (USA). A security vulnerability exists in Apache Ignite from version 2.6.0 up to, but not including, version 2.17.0 that stems fro...

CVSS 9.5 | AI score 8.9 | EPSS 0.02427
Exploits: 0 | References: 4

AstraLinux
added 2025/02/11 7:35 a.m., 3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: padata: Use integer wrap-around to prevent deadlock in cases of seq_nr overflow. When submitting more than 2^32 padata objects to padata_do_serial, the current sorting implementation incorrectly sorts padata objects with overflowed...

CVSS 5.5 | AI score 6.1 | EPSS 0.00227
Exploits: 0 | References: 3

Tenable Nessus
added 2025/02/10 12:0 a.m., 6 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-47739)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47739 advisory. - In the Linux kernel, the following vulnerability has been resolved: padata: use integer wrap around to preve...

CVSS 5.5 | AI score 6.2 | EPSS 0.00227
Exploits: 0 | References: 2

AstraLinux
added 2025/02/06 4:28 p.m., 0 views

Astra Linux - vulnerability in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource aka Anteros-DBCP...

CVSS 8.1 | AI score 7 | EPSS 0.09346
Exploits: 1 | References: 1

AstraLinux
added 2025/02/06 4:28 p.m., 2 views

Astra Linux - vulnerability in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl...

CVSS 8.1 | AI score 7 | EPSS 0.12504
Exploits: 0 | References: 1

AstraLinux
added 2025/02/06 4:28 p.m., 1 views

Astra Linux - vulnerability in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration...

CVSS 8.1 | AI score 7 | EPSS 0.07268
Exploits: 1 | References: 1

RedHat Linux
added 2025/02/05 1:53 p.m., 5 views

mina-core: Apache MINA: applications using unbounded deserialization may allow RCE

A flaw was found in Apache MINA. The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sendin...

CVSS 10 | AI score 7.8 | EPSS 0.23932
Exploits: 0 | References: 5

RedhatCVE
added 2025/02/05 7:55 a.m., 6 views

CVE-2024-29212

Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine...

CVSS 9.9 | AI score 7.6 | EPSS 0.01551
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 6:58 a.m., 6 views

CVE-2024-32876

NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in...

CVSS 8.5 | AI score 8.6 | EPSS 0.00324
Exploits: 0 | References: 1

OSV
added 2025/02/05 4:20 a.m., 3 views

USN-7096-2 openjdk-8 regressions

USN-7096-1 fixed vulnerabilities in OpenJDK 8. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Andy Boothe discovered that the Networking component of OpenJDK 8 did not properly handle access under...

AI score 6.5
Exploits: 0 | References: 2

RedhatCVE
added 2025/02/04 11:37 p.m., 14 views

CVE-2024-40624

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in PHP. In torrentpier/library/includes/functions.php, get_tracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to...

CVSS 9.8 | AI score 9.7 | EPSS 0.00995
Exploits: 0

PyPA
added 2025/01/29 9:15 p.m., 7 views

PYSEC-2025-27

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the...

CVSS 7.8 | AI score 6.8 | EPSS 0.00236
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2025/01/29 8:50 p.m., 1 views

GHSA-M4F6-VCJ4-W5MX snowflake-connector-python vulnerable to insecure deserialization of the OCSP response cache

Issue: Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the serialization format, potentially leading to local privilege escalation. This vulnerability affects versions 2.7.12 through 3.13.0. Snowflake fixed the issue...

CVSS 6.7 | AI score 5.9 | EPSS 0.00236
Exploits: 0 | References: 6

Positive Technologies
added 2025/01/29 12:0 a.m., 3 views

PT-2025-5575 · Snowflake · Snowflake Connector For Python

Name of the Vulnerable Software and Affected Versions: Snowflake Connector for Python versions 2.7.12 through 3.13.0. Description: The OCSP response cache in the Snowflake Connector for Python uses pickle as the serialization format, potentially leading to local privilege escalation. This issue ca...

CVSS 6.7 | AI score 6.8 | EPSS 0.00236
Exploits: 0 | References: 11

CNNVD
added 2025/01/29 12:0 a.m., 4 views

Snowflake Connector for Python Code Issue Vulnerability

Snowflake Connector for Python is an open source interface from Snowflake Computing. It is used to develop Python applications that can connect to Snowflake and perform all standard operations. A code issue vulnerability exists in Snowflake Connector for Python versions prior to 3.13.1, which ste...

CVSS 7.8 | AI score 9 | EPSS 0.00236
Exploits: 0 | References: 2

NVD
added 2025/01/28 4:15 p.m., 20 views

CVE-2025-23045

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT instance is able to run arbitrary code in the context of the Nuclio function container. This vulnerability affects CVAT deployments that run...

CVSS 9.8 | EPSS 0.00483
Exploits: 0 | References: 2

OSV
added 2025/01/28 3:19 p.m., 12 views

CVE-2025-23045 CVAT allows remote code execution via tracker Nuclio functions

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT instance is able to run arbitrary code in the context of the Nuclio function container. This vulnerability affects CVAT deployments that run...

CVSS 8.7 | AI score 7.3 | EPSS 0.00483
Exploits: 0 | References: 4

CVE
added 2025/01/28 3:19 p.m., 2132 views

CVE-2025-23045

CVE-2025-23045 affects Computer Vision Annotation Tool (CVAT). An attacker with an account on an affected CVAT instance can execute arbitrary code in the Nuclio function container via serverless tracker functions (TransT and SiamMask); deployments with custom tracker functions may also be affecte...

CVSS 9.8 | AI score 7 | EPSS 0.00483
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/01/28 3:19 p.m., 9 views

CVE-2025-23045 CVAT allows remote code execution via tracker Nuclio functions

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT instance is able to run arbitrary code in the context of the Nuclio function container. This vulnerability affects CVAT deployments that run...

CVSS 8.7 | AI score 6.9 | EPSS 0.00483
Exploits: 0 | References: 2

Positive Technologies
added 2025/01/28 12:0 a.m., 3 views

PT-2025-4790 · Nuclio +1 · Nuclio +1

Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool (CVAT) versions prior to 2.26.0. Description: The issue allows an attacker with an account on an affected CVAT instance to run arbitrary code in the context of the Nuclio function container. This affects CVAT...

CVSS 8.7 | AI score 7.5 | EPSS 0.00483
Exploits: 0 | References: 9