39 matches found

OSV
added 2024/08/16 11:8 a.m., 5 views

OESA-2024-2004 python-django security update

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with ...

CVSS 9.8, AI score 7.9, EPSS 0.28637
Exploits 0, References 9

OSV
added 2024/03/06 11:5 a.m., 21 views

BIT-SILVERSTRIPE-2021-28661

Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...

CVSS 4.3, AI score 4.5, EPSS 0.00786
Exploits 1, References 2

CVE
added 2024/03/06 6:45 a.m., 10292 views

CVE-2024-26624

CVE-2024-26624 is rejected by its CNA and does not represent an active vulnerability.

AI score 7.5
Exploits 0

Cvelist
added 2024/01/19 8:48 p.m., 42 views

CVE-2024-23683 Artemis Java Test Sandbox InvocationTargetException Subclass Escape

Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code...

AI score 8.7, EPSS 0.00355
Exploits 1, References 6

SUSE CVE
added 2023/02/15 4:29 a.m., 3 views

SUSE CVE-2018-8013

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization...

CVSS 9.8, AI score 9.3, EPSS 0.19523
Exploits 0, References 3

OSV
added 2023/02/01 12:0 a.m., 33 views

ASB-A-244154558

In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8, AI score 7.7, EPSS 0.00189
Exploits 0, References 2

OSV
added 2021/10/07 3:15 p.m., 25 views

CVE-2021-28661

Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...

CVSS 4.3, AI score 6.8, EPSS 0.00786
Exploits 1, References 2

Friends Of PHP
added 2021/06/07 10:31 p.m., 33 views

CVE-2021-28661 Default GraphQL permission checker not inherited by query subclass

More info at https://www.silverstripe.org/download/security-releases/CVE-2021-28661...

CVSS 4.3, AI score 7.2, EPSS 0.00786
Exploits 1, Affected Software 1

Exploit DB
added 2019/07/30 12:0 a.m., 164 views

iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References

When deserializing a class with initWithCoder, subclasses of that class can also be deserialized so long as they do not override initWithCoder and implement all methods that require a concrete implementation. PFArray is such a subclass of NSArray. When a PFArray is deserialized, it is deserialize...

AI score 7.4
Exploits 0

exploitpack
added 2019/07/30 12:0 a.m., 24 views

iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References

iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References When deserializing a class with initWithCoder, subclasses of that class can also be deserialized so long as they do not override initWithCoder and implement all methods that require a concrete implementation...

AI score 0.4
Exploits 0

0day.today
added 2019/07/30 12:0 a.m., 40 views

iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References Exploit

When deserializing a class with initWithCoder, subclasses of that class can also be deserialized so long as they do not override initWithCoder and implement all methods that require a concrete implementation. PFArray is such a subclass of NSArray. When a PFArray is deserialized, it is deserialize...

CVSS 9.8, AI score 9.3, EPSS 0.13452
Exploits 1

OSV
added 2019/02/25 5:32 p.m., 5 views

OPENSUSE-SU-2019:0244-1 Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: - Update to 2.8 - Added target parameter to urlize function. - Added support for followsymlinks to the file system loader. - The truncate filter now counts the length. - Added equalto filter that helps with select filters. - Changed cache...

CVSS 4.4, AI score 5.5, EPSS 0.0043
Exploits 1, References 3

NVD
added 2018/05/24 4:29 p.m., 19 views

CVE-2018-8013

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization...

CVSS 9.8, AI score 8.4, EPSS 0.19523
Exploits 0, References 17

Veracode
added 2018/05/24 2:45 a.m., 32 views

Information Disclosure

Apache batik-dom is vulnerable to information disclosure. The vulnerability exists because the user provided string is used as a class name without checking if it was a valid class type. This string is then passed to a no-arg constructor during deserialization of the AbstractDocument subclass...

CVSS 9.8, AI score 8.7, EPSS 0.19523
Exploits 0, References 22, Affected Software 1

RedhatCVE
added 2018/05/23 2:20 p.m., 33 views

CVE-2018-8013

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization...

CVSS 9.8, AI score 2.9, EPSS 0.19523
Exploits 0, References 2

OSV
added 2018/05/23 12:0 a.m., 2 views

UBUNTU-CVE-2018-8013

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization...

CVSS 9.8, AI score 7.3, EPSS 0.19523
Exploits 0, References 3

securityvulns
added 2010/04/06 12:0 a.m., 60 views

ZDI-10-055: Sun Java Runtime Environment Mutable InetAddress Socket Policy Violation Vulnerability

ZDI-10-055: Sun Java Runtime Environment Mutable InetAddress Socket Policy Violation Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-055 April 5, 2010 -- CVE ID: CVE-2010-0095 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- Vulnerabili...

CVSS 6.8, EPSS 0.03036
Exploits 0

RedHat Linux
added 2010/04/01 2:56 a.m., 6 views

OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093...

CVSS 6.8, AI score 5.8, EPSS 0.03036
Exploits 0, References 4

Prion
added 2007/05/30 10:30 a.m., 14 views

Design/Logic Flaw

Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a denial of service browser crash via a Thread subclass that calls super.run from its run method...

CVSS 5, AI score 7.1, EPSS 0.01631
Exploits 0, References 2, Affected Software 1