70 matches found
CVE-2024-23636
SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...
Deserialization of untrusted data
SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...
CVE-2024-23636 SOFARPC Remote Command Execution(RCE) Vulnerbility
SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...
CVE-2024-23636
SOFARPC (Java RPC framework) is vulnerable prior to version 5.12.0 due to a gadget chain that can bypass the Hessian blacklist used to restrict deserialization of potentially dangerous classes. The vulnerability is rooted in the Hessian-based deserialization thatCAN be manipulated by a gadget cha...
CVE-2024-23636 SOFARPC Remote Command Execution(RCE) Vulnerbility
SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...
Solon vulnerable to deserialization of untrusted data
A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload...
GHSA-7Q8C-49F4-4C8Q Solon vulnerable to deserialization of untrusted data
A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload...
CVE-2023-35839
A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload...
CVE-2023-35839
A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload...
PT-2023-25336 · Solon · Solon
Name of the Vulnerable Software and Affected Versions: Solon versions prior to 2.3.3 Description: A bypass in the component sofa-hessian allows attackers to execute arbitrary code via providing a crafted payload. Recommendations: For versions prior to 2.3.3, update to version 2.3.3 or later to...
CVE-2023-29720
SofaWiki =3.8.9 is vulnerable to Cross Site Scripting XSS via index.php...
PT-2023-22372 · Sofawiki · Sofawiki
Name of the Vulnerable Software and Affected Versions: SofaWiki versions prior to 3.8.10 Description: The issue is related to Cross Site Scripting XSS that can be exploited via the index.php file. Recommendations: For versions prior to 3.8.10, update to version 3.8.10 or later to resolve the issu...
SUSE CVE-2020-36152
Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA...
kernel: ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc3-topology: Prevent double freeing of ipccontroldata via loadbytes We have sanity checks for byte controls and if any of the fail the locally allocated scontrol-ipccontroldata is freed up, but not set to NULL. On a...
[SECURITY] Fedora 34 Update: libmysofa-1.2.1-1.fc34
This is a simple set of C functions to read AES SOFA files, if they contain HRTFs stored according to the AES69-2015 standard...
[SECURITY] Fedora 35 Update: libmysofa-1.2.1-1.fc35
This is a simple set of C functions to read AES SOFA files, if they contain HRTFs stored according to the AES69-2015 standard...
Fedora: Security Advisory for libmysofa (FEDORA-2021-36ac17e5ac)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
USN-5184-1: libmysofa vulnerability
It was discovered that libmysofa mishandled certain input. An attacker could use this vulnerability to cause a denial of service crash...
libmysofa 缓冲区错误漏洞
libmysofa is a library for reading AES SOFA files. A security vulnerability exists in libmysofa that stems from the application's susceptibility to heap-based buffer overflows...
[SECURITY] Fedora 32 Update: libmysofa-1.2-4.fc32
This is a simple set of C functions to read AES SOFA files, if they contain HRTFs stored according to the AES69-2015 standard...