365 matches found
kcm: Serialise kcm_sendmsg() for the same socket.
...
CVE-2024-46983
sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blackli...
CVE-2024-46983 Remote Command Execution(RCE) Vulnerbility in sofa-hessian
sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blackli...
PT-2024-32317
Name of the Vulnerable Software and Affected Versions sofahessian versions prior to 3.5.5 Description The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. However, there is a gadget chain that can bypass the SOF...
PT-2025-6048
Name of the Vulnerable Software and Affected Versions npm-serialize-javascript versions up to 6.0.1 Description The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to injec...
Malicious code in ar-json_serialize (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in activerecord-serialize-coders (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-6475 Malicious code in activerecord-serialize-coders (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in active-record_serialize_json (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
CVE-2021-47408
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: serialize hash resizes and cleanups Syzbot was able to trigger the following warning 1 No repro found by syzbot yet but I was able to trigger similar issue by having 2 scripts running in parallel, changing...
DEBIAN-CVE-2021-47408
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: serialize hash resizes and cleanups Syzbot was able to trigger the following warning 1 No repro found by syzbot yet but I was able to trigger similar issue by having 2 scripts running in parallel, changing...
UBUNTU-CVE-2021-47351
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix races between xattrset|get and listxattr operations UBIFS may occur some problems with concurrent xattrset|get and listxattr operations, such as assertion failure, memory corruption, stale xattr value1. Fix it by...
The vulnerability of the `pkcs12.serialize_key_and_certificates` function in the Python programming language’s cryptography package allows a malicious actor to cause a Python program to crash.
The vulnerability of the pkcs12.serializekeyandcertificates function in the Python programming language’s cryptography package is related to the use of a NULL pointer. Exploiting this vulnerability could allow an attacker to cause a crash in a Python process remotely...
GHSA-2V42-XP3J-47M4 Xuxueli xxl-job template injection vulnerability
A vulnerability classified as problematic was found in Xuxueli xxl-job version 2.4.0. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection. The exploit has been disclosed ...
lagom 安全漏洞
lagom is a PyTorch infrastructure for rapid prototyping of reinforcement learning algorithms from the Xingdong Zuo personal developer. A security vulnerability exists in lagom version v.0.1.2, which stems from a vulnerability that allows a local attacker to execute arbitrary code via the picklelo...
PT-2024-20900 · Unknown · Zuoxingdong Lagom
Name of the Vulnerable Software and Affected Versions: zuoxingdong lagom version 0.1.2 Description: The issue allows a local attacker to execute arbitrary code via the pickle load function of the serialize.py file. Recommendations: For zuoxingdong lagom version 0.1.2, consider disabling the pickl...
AZL-40024 CVE-2024-26602 affecting package hyperv-daemons for versions less than 6.6.35.1-1
In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sysmembarrier On some systems, sysmembarrier can be very expensive, causing overall slowdowns for everything. So put a lock on the path in order to serialize the accesses to preve...
cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
If pkcs12.serializekeyandcertificates is called with both: 1. A certificate whose public key did not match the provided private key 2. An encryptionalgorithm with hmachash set via PrivateFormat.PKCS12.encryptionbuilder.hmachash... Then a NULL pointer dereference would occur, crashing the Python...
phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit
?php / -------------------------------------------------------------- phpFox = 4.8.13 redirect PHP Object Injection Vulnerability -------------------------------------------------------------- author..............: Egidio Romano aka EgiX mail................: n0b0d13satgmaildotcom software...
GHSA-97RV-88GF-PHVR Apache Dubbo: Bypass deny serialize list check in Apache Dubbo
Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue...