Lucene search
K

365 matches found

OSV
OSV
added 2023/12/15 9:30 a.m.2 views

GHSA-6X49-W35H-WQRJ Bypass serialize checks in Apache Dubbo

A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue...

9.8CVSS7.1AI score0.07401EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2023/12/15 9:30 a.m.28 views

Apache Dubbo: Bypass deny serialize list check in Apache Dubbo

Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue...

9.8CVSS9.4AI score0.01666EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/15 9:30 a.m.23 views

Bypass serialize checks in Apache Dubbo

A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue...

9.8CVSS9.5AI score0.07401EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2023/12/15 8:15 a.m.17 views

CVE-2023-46279 Apache Dubbo: Bypass deny serialize list check in Apache Dubbo

Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue...

9.7AI score0.01666EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/12 12:0 a.m.5 views

PT-2023-35525 · Git +1 · Ndpi

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow WRITE 11 crash has been reported. The crash involves the ndpi snprintf and ndpi serialize string int32 functions in the fuzz...

7AI score
Exploits0References2
Packet Storm
Packet Storm
added 2023/09/15 12:0 a.m.344 views

Chrome Read-Only Property Overwrite

Chrome: Read-only property overwrite in TurboFan VULNERABILITY DETAILS While collecting information for a property store, TurboFan bails out if the property isn't writable2. Unfortunately, the branch condition1 does not include one of the store modes, namely kDefine. This allows an attacker to...

8.8CVSS7.1AI score0.01776EPSS
Exploits2
Prion
Prion
added 2023/08/30 5:15 p.m.23 views

Code injection

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code...

6.5CVSS8.8AI score0.00816EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2023/05/07 2:2 p.m.8 views

OSV-2023-380 UNKNOWN WRITE in bool OT::Layout::Common::Coverage::serialize<hb_map_iter_t<hb_map_iter_t<hb_filt

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58663 Crash type: UNKNOWN WRITE Crash state: bool OT::Layout::Common::Coverage::serialize::subset hbsubsetcontextt::returnt OT::Layout::GSUBimpl::SubstLookupSubTable::dispat...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/05/07 12:0 a.m.3 views

PT-2023-35815 · Git +1 · Harfbuzz

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue is identified, potentially causing a crash. The crash occurs in the sort r simple function and involves the...

6.8AI score
Exploits0References2
CNVD
CNVD
added 2023/04/23 12:0 a.m.16 views

Google Android Information Disclosure Vulnerability (CNVD-2023-55371)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that stems from a lack of bounds checking in the multiple files component's serialize, which can be exploited by an attacker to obtain sensitive informatio...

5.5CVSS6.1AI score0.00087EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/04/19 12:0 a.m.3 views

Google Android 缓冲区错误漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that stems from a lack of bounds checking in the multiple files component's serialize, which can be exploited by an attacker to obtain sensitive informatio...

5.5CVSS6.1AI score0.00087EPSS
Exploits0References2
OSV
OSV
added 2023/04/17 2:2 p.m.6 views

OSV-2023-323 Heap-buffer-overflow in OT::glyf_impl::SubsetGlyph::serialize

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58071 Crash type: Heap-buffer-overflow WRITE 2 Crash state: OT::glyfimpl::SubsetGlyph::serialize OT::glyf::subset bool trysubset...

7.2AI score
Exploits0References1
OSV
OSV
added 2023/03/12 1:0 p.m.7 views

OSV-2023-165 Heap-buffer-overflow in array_container_to_uint32_array

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56893 Crash type: Heap-buffer-overflow WRITE 4 Crash state: arraycontainertouint32array ratouint32array roaringbitmapserialize...

7.2AI score
Exploits0References1
Huntr
Huntr
added 2023/02/27 9:31 a.m.77 views

Vulnerable javascript dependency used in adminsidepanel.js

Description The adminsidepanel.js used Vue.js v2.6.10, which contains the vulnerable vue-server-renderer's dependency of serialize-javascript. Proof of Concept 1.Go to https://demo.limesurvey.org/tmp/assets/cb9c5d96/build.min/js/adminsidepanel.js and search for Vue.js v2.6.10 term. We can note th...

6.7AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/02/21 12:0 a.m.3 views

PT-2023-36029 · Hdf5 · Hdf5

Name of the Vulnerable Software and Affected Versions: HDF5 affected versions not specified Description: A heap buffer overflow issue has been identified, which can cause a crash. The crash occurs due to a WRITE 1 heap-buffer-overflow. The functions involved in the crash include H5O mtime new...

7.4AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:22 a.m.2 views

SUSE CVE-2018-19395

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service NULL pointer dereference and application crash because com and comsafearrayproxy return NULL in compropertiesget in ext/comdotnet/comhandlers.c, as demonstrated by a serialize call on...

7.5CVSS9.2AI score0.04327EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:7 a.m.4 views

SUSE CVE-2019-16769

The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting XSS. It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of...

5.4CVSS7.9AI score0.00977EPSS
Exploits0References3
OSV
OSV
added 2022/06/28 12:0 a.m.15 views

GHSA-M43H-HFRQ-X8WX SystemDS CPU exhaustion vulnerability

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

8.7CVSS7.4AI score0.02042EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/06/28 12:0 a.m.19 views

SystemDS CPU exhaustion vulnerability

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

7.5CVSS1.3AI score0.02042EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2022/06/27 6:15 p.m.19 views

PYSEC-2022-222

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

7.5CVSS1.6AI score0.02042EPSS
Exploits0References2
Rows per page
Query Builder