Lucene search
K

140 matches found

CakePHP
CakePHP
added 2017/12/08 12:0 a.m.28 views

Potential for Information Disclosure in Application Skeleton

Potential for Information Disclosure in Application Skeleton The default application skeleton contained a beforeRender method on the AppController that could potentially lead to unwanted information disclosure in your application. The unsafe default code was present between 3.1.0 and 3.5.0 of the...

6.7AI score
Exploits0
Debian
Debian
added 2017/05/01 8:57 a.m.35 views

[SECURITY] [DLA 930-1] libxstream-java security update

Package : libxstream-java Version : 1.4.2-1+deb7u2 CVE ID : CVE-2017-7957 Debian Bug : 861521 It was discovered that there was a remote application crash vulnerability in libxstream-java, a Java library to serialize objects to XML and back again. This was due to mishandled attempts to create an...

7.5CVSS7.6AI score0.04928EPSS
Exploits0
Fedora
Fedora
added 2017/04/20 5:20 p.m.15 views

[SECURITY] Fedora 25 Update: jenkins-xstream-1.4.7-11.jenkins1.fc25

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

0.2AI score
Exploits0
Fedora
Fedora
added 2017/04/20 4:49 p.m.17 views

[SECURITY] Fedora 24 Update: jenkins-xstream-1.4.7-11.jenkins1.fc24

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

0.2AI score
Exploits0
Fedora
Fedora
added 2017/04/20 4:49 p.m.11 views

[SECURITY] Fedora 24 Update: xstream-1.4.9-5.fc24

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

0.4AI score
Exploits0
Fedora
Fedora
added 2017/04/19 3:9 a.m.13 views

[SECURITY] Fedora 26 Update: jenkins-xstream-1.4.7-11.jenkins1.fc26

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

0.2AI score
Exploits0
Fedora
Fedora
added 2017/04/19 3:9 a.m.15 views

[SECURITY] Fedora 26 Update: xstream-1.4.9-5.fc26

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

0.4AI score
Exploits0
OSV
OSV
added 2017/04/11 4:59 p.m.1 views

DEBIAN-CVE-2016-4483

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service out-of-bounds read and application crash via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627...

7.5CVSS8.8AI score0.06165EPSS
Exploits1References1
OSV
OSV
added 2016/05/04 12:0 a.m.3 views

UBUNTU-CVE-2016-4483

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service out-of-bounds read and application crash via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627...

7.5CVSS6.7AI score0.06165EPSS
Exploits1References4
Fedora
Fedora
added 2016/04/26 9:24 p.m.30 views

[SECURITY] Fedora 22 Update: xstream-1.4.9-1.fc22

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

7.5CVSS0.4AI score0.08179EPSS
Exploits0
Fedora
Fedora
added 2016/04/26 8:58 p.m.30 views

[SECURITY] Fedora 23 Update: xstream-1.4.9-1.fc23

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

7.5CVSS0.4AI score0.08179EPSS
Exploits0
Fedora
Fedora
added 2016/04/04 5:28 p.m.39 views

[SECURITY] Fedora 24 Update: xstream-1.4.9-1.fc24

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

7.5CVSS0.4AI score0.08179EPSS
Exploits0
seebug.org
seebug.org
added 2016/03/02 12:0 a.m.245 views

XStream 反序列化漏洞

Xstream 的反序列化漏洞的根源就是 Groovy 组件的问题参考 Apache Groovy MethodClosure 远程代码执行漏洞(CVE-2015-3253),只不过在 Xstream 中进行反序列化时恰好有触发存在缺陷函数的点,也就是 Xstream 在反序列化时调用了 Mapput 函数将构造好的 Expando 实例作为 key 添加到集合中时触发了代码执行,如下图: 这里的 key 就是我们构造的 Expando 的实例对象。 在构造 EXP 时,首先我们要构造一个 Expando 的一个对象实例,同时设置 hashCode 的实现为 MethodClosure...

9CVSS9.4AI score0.82697EPSS
Exploits26
Fedora
Fedora
added 2014/02/22 12:56 a.m.35 views

[SECURITY] Fedora 19 Update: xstream-1.3.1-5.1.fc19

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

9.8CVSS0.4AI score0.84362EPSS
Exploits5
Fedora
Fedora
added 2014/02/22 12:47 a.m.34 views

[SECURITY] Fedora 20 Update: xstream-1.3.1-9.fc20

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

9.8CVSS0.4AI score0.84362EPSS
Exploits5
Cvelist
Cvelist
added 2014/01/02 11:0 a.m.25 views

CVE-2013-7249

Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224...

6AI score0.02554EPSS
Exploits1References6
CVE
CVE
added 2014/01/02 11:0 a.m.57 views

CVE-2013-7249

CVE-2013-7249 affects Fat Free CRM prior to 0.12.1. The issue is an XML serialization restriction flaw that allows remote attackers to obtain sensitive information via a direct request (e.g., /users/1.xml). This is explicitly described as a separate vulnerability from CVE-2013-7224. The available...

5CVSS6.1AI score0.02554EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.16 views

openSUSE 10 Security Update : mono-core (mono-core-2182)

The Mono System.Xml.Serialization class contained a /tmp race which allows local attackers to potentially execute code as the user using the Serialization method. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSU...

5.7AI score
Exploits0
securityvulns
securityvulns
added 2005/07/12 12:0 a.m.34 views

[Full-disclosure] ASP.NET RCP/Encoded Web service DOS

ASP.NET RCP/Encoded Web service DOS http://www.spidynamics.com/spilabs/advisories/aspRCP.html Release Date: July 11, 2005 Severity: High System Affected IIS Servers exposing ASP.NET Web services that consume arrays in RCP/Encoded mode Applications using System.Xml.Serialization to consume untrust...

7.1AI score
Exploits0
Debian CVE
Debian CVE
added 1976/01/01 12:0 a.m.36 views

CVE-2022-40154

Removed by vendor...

8.6AI score
Exploits0
Rows per page
Query Builder