1730 matches found
HPE Network Automation RPCServlet Insecure Deserialization (CVE-2016-8511)
An insecure deserialization vulnerability has been reported in the RPCServlet of HPE Network Automation. The vulnerability is due to the deserialization of untrusted data. A remote attacker can exploit this vulnerability sending a request with crafted serialized data to the exposed RPCServlet...
Magento Community Edition 2.x < 2.0.6 Multiple Vulnerabilities
Binary data 9694.prm...
McAfee ePolicy Orchestrator Arbitrary Code Execution Vulnerability (Sep 2016)
McAfee ePolicy Orchestrator is prone to an arbitrary code execution vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization (CVE-2013-2186)
An insecure deserialization vulnerability has been reported in Oracle WebLogic Server. This vulnerability is due to deseralization of untrusted data while having the vulnerable version of Apache-Commons-FileUpload library in the code path. A remote, unauthenticated attacker can exploit this...
Solarwinds Virtualization Manager Apache Commons Collections Insecure Deserialization (CVE-2016-3642)
An insecure deserialization vulnerability has been reported in Solarwinds Virtualization Manager. This vulnerability is due to the inclusion of the vulnerable version of Apache Commons Collections library in the classpath combined with insecure deserialization. A remote, unauthenticated attacker...
JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 does not properly deserialize classes in an AccessController...
Jenkins CI Server XStream Insecure Deserialization (CVE-2016-0792)
An insecure deserialization vulnerability has been reported in Jenkins CI Server. This vulnerability is due to the inclusion of the Groovy library in the classpath combined with the insecure deserialization employing the XStream library. A remote, unauthenticated attacker can exploit this...
SUSE SLES10 Security Update : IBM Java 1.6.0 (SUSE-SU-2016:1388-1)
This IBM Java 1.6.0 SR16 FP25 release fixes the following issues : Security issues fixed : CVE-2016-0264: buffer overflow vulnerability in the IBM JVM bsc977648 CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix bsc977650 CVE-2016-0376: insecure...
SUSE-SU-2016:1379-1 Security update for java-1_6_0-ibm
This IBM Java 1.6.0 SR16 FP25 release fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM bsc977648 - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix bsc977650 - CVE-2016-0376: insecure...
Chef Manage deserializes cookie data insecurely
Overview Chef Manage add-on, version 1.11.4 and earlier, deserializes cookie data insecurely, which may be leveraged to gain unauthenticated remote code execution. Description CWE-502: Deserialization of Untrusted Data - CVE-2016-4326Chef with the Chef Manage previously known as 'opscode-manage'...
SUSE-SU-2016:1300-1 Security update for java-1_7_1-ibm
This IBM Java 1.7.1 SR3 FP40 relese fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM bsc977648 - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix bsc977650 - CVE-2016-0376: insecure...
SUSE-SU-2016:1299-1 Security update for java-1_7_1-ibm
This IBM Java 1.7.1 SR3 FP40 release fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM bsc977648 - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix bsc977650 - CVE-2016-0376: insecure...
JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 does not properly deserialize classes in an AccessController...
RHEL 7 : java-1.8.0-ibm (RHSA-2016:0716)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0716 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...
JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 does not properly deserialize classes in an AccessController...
JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 does not properly deserialize classes in an AccessController...
Jenkins CI Server Commons-Collections Library Insecure Deserialization (CVE-2015-8103)
An insecure deserialization vulnerability has been reported in Jenkins CI Server. This vulnerability is due to deserialization of untrusted data while having the vulnerable version of Apache Commons-Collections library in the code path...
Apache Commons Collections Java library insecurely deserializes data
Overview The Apache Commons Collections ACC library is vulnerable to insecure deserialization of data, which may result in arbitrary code execution. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution. Description CWE-50...
XStream: remote code execution due to insecure XML deserialization
It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream...
XStream: remote code execution due to insecure XML deserialization
It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream...