OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerabili...

OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerabili...

OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerabili...

OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerabili...

OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerabili...

OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerabili...

OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerabili...

OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerabili...

OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerabili...

Apache DB DdlUtils 代码问题漏洞

Apache DB DdlUtils is a small, easy-to-use component from the Apache Foundation for working with database definition DDL files.A code issue vulnerability exists in Apache DB DdlUtils 1.0, which stems from an insecure BinaryObjectsHelper class that uses ObjectInputStream.readObject when failing to...

Minecraft 代码问题漏洞

Minecraft My World is a sandbox game by Mojang of Sweden. a security vulnerability existed before Minecraft 1.16.1.7, which stems from the BDew BdLib library allowing remote code execution to deserialize untrusted data in ObjectInputStream. No detailed vulnerability details are currently availabl...

CVE-2021-33790

The RebornCore library before 4.7.3 allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of reborncore.common.network.ExtendedPacketBuffer. An attacker can instantiate any class on the classpath with any data. A class usable for exploitation...

keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution

A flaw was found in Keycloak, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution...

keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution

A flaw was found in Keycloak, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution...

Pippo Java Deserialization Vulnerability

Pippo is a Java-based Web framework . A security vulnerability exists in Pippo version 1.11.0, which stems from the 'SerializationSessionDataTranscoder.decode' function failing to check the type of a SessionData object before calling the 'ObjectInputStream.readObject' function for deserialization...