Lucene search
K

70 matches found

NVD
NVD
added 2024/01/23 6:15 p.m.46 views

CVE-2024-23636

SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...

9.8CVSS9.7AI score0.00799EPSS
Exploits0References2
Prion
Prion
added 2024/01/23 6:15 p.m.29 views

Deserialization of untrusted data

SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...

7.5CVSS7.3AI score0.00799EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/01/23 5:22 p.m.48 views

CVE-2024-23636 SOFARPC Remote Command Execution(RCE) Vulnerbility

SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...

9.8CVSS9.9AI score0.00799EPSS
Exploits0References2
CVE
CVE
added 2024/01/23 5:22 p.m.65 views

CVE-2024-23636

SOFARPC (Java RPC framework) is vulnerable prior to version 5.12.0 due to a gadget chain that can bypass the Hessian blacklist used to restrict deserialization of potentially dangerous classes. The vulnerability is rooted in the Hessian-based deserialization thatCAN be manipulated by a gadget cha...

9.8CVSS9.6AI score0.00799EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/01/23 5:22 p.m.37 views

CVE-2024-23636 SOFARPC Remote Command Execution(RCE) Vulnerbility

SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...

9.8CVSS9.3AI score0.00799EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/06/19 3:30 a.m.18 views

Solon vulnerable to deserialization of untrusted data

A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload...

9.8CVSS9.8AI score0.01075EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/06/19 3:30 a.m.6 views

GHSA-7Q8C-49F4-4C8Q Solon vulnerable to deserialization of untrusted data

A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload...

9.8CVSS6.1AI score0.01075EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/06/19 1:15 a.m.2 views

CVE-2023-35839

A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload...

9.8CVSS5.9AI score0.01075EPSS
Exploits1References3
OSV
OSV
added 2023/06/19 12:0 a.m.10 views

CVE-2023-35839

A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload...

9.8CVSS9.8AI score0.01075EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/06/19 12:0 a.m.9 views

PT-2023-25336 · Solon · Solon

Name of the Vulnerable Software and Affected Versions: Solon versions prior to 2.3.3 Description: A bypass in the component sofa-hessian allows attackers to execute arbitrary code via providing a crafted payload. Recommendations: For versions prior to 2.3.3, update to version 2.3.3 or later to...

9.8CVSS9.7AI score0.01075EPSS
Exploits1References8
OSV
OSV
added 2023/05/18 8:15 p.m.4 views

CVE-2023-29720

SofaWiki =3.8.9 is vulnerable to Cross Site Scripting XSS via index.php...

6.1CVSS5.8AI score0.00387EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/05/18 12:0 a.m.6 views

PT-2023-22372 · Sofawiki · Sofawiki

Name of the Vulnerable Software and Affected Versions: SofaWiki versions prior to 3.8.10 Description: The issue is related to Cross Site Scripting XSS that can be exploited via the index.php file. Recommendations: For versions prior to 3.8.10, update to version 3.8.10 or later to resolve the issu...

6.1CVSS6.3AI score0.00387EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.3 views

SUSE CVE-2020-36152

Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA...

8.8CVSS8.1AI score0.02255EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/11/15 11:55 a.m.3 views

kernel: ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc3-topology: Prevent double freeing of ipccontroldata via loadbytes We have sanity checks for byte controls and if any of the fail the locally allocated scontrol-ipccontroldata is freed up, but not set to NULL. On a...

7.8CVSS6.4AI score0.00166EPSS
Exploits0References5
Fedora
Fedora
added 2021/12/16 1:14 a.m.30 views

[SECURITY] Fedora 34 Update: libmysofa-1.2.1-1.fc34

This is a simple set of C functions to read AES SOFA files, if they contain HRTFs stored according to the AES69-2015 standard...

1AI score0.01668EPSS
Exploits2
Fedora
Fedora
added 2021/12/10 1:22 a.m.62 views

[SECURITY] Fedora 35 Update: libmysofa-1.2.1-1.fc35

This is a simple set of C functions to read AES SOFA files, if they contain HRTFs stored according to the AES69-2015 standard...

1AI score0.01668EPSS
Exploits2
OpenVAS
OpenVAS
added 2021/12/10 12:0 a.m.17 views

Fedora: Security Advisory for libmysofa (FEDORA-2021-36ac17e5ac)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.6AI score
Exploits0References2
Ubuntu
Ubuntu
added 2021/12/08 7:5 p.m.408 views

USN-5184-1: libmysofa vulnerability

It was discovered that libmysofa mishandled certain input. An attacker could use this vulnerability to cause a denial of service crash...

9.8CVSS6.8AI score0.01035EPSS
Exploits1
CNNVD
CNNVD
added 2021/10/29 12:0 a.m.5 views

libmysofa 缓冲区错误漏洞

libmysofa is a library for reading AES SOFA files. A security vulnerability exists in libmysofa that stems from the application's susceptibility to heap-based buffer overflows...

9.8CVSS7AI score0.01035EPSS
Exploits1References6
Fedora
Fedora
added 2021/02/26 1:9 a.m.74 views

[SECURITY] Fedora 32 Update: libmysofa-1.2-4.fc32

This is a simple set of C functions to read AES SOFA files, if they contain HRTFs stored according to the AES69-2015 standard...

8.8CVSS1AI score0.02255EPSS
Exploits5
Rows per page
Query Builder