81 matches found
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of Oracle Java SE Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments typically in clients running sandboxed Java Web Start applications or sandboxed Java applets that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component e.g. through a web service which supplies
...
The vulnerability of the Xstream Java library for converting objects into XML or JSON formats allows attackers to download files of dangerous types indefinitely. This enables attackers to upload and execute arbitrary code from a remote host.
The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability could allow an attacker to download and execute arbitrary code from a remote host by...
The vulnerability of the Flask software’s extension relates to insecure privilege management. This allows attackers to access sensitive data, compromise its integrity, and cause service failures.
The vulnerability of the Flask extension relates to an error in the use of Pickle for serialization. Exploiting this vulnerability can allow a remote attacker to access sensitive data, compromise its integrity, and cause service failures...
Design/Logic Flaw
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS...
Design/Logic Flaw
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource...
PT-2020-15035 · Apache · Apache Tapestry
Name of the Vulnerable Software and Affected Versions: Apache Tapestry version 4 Description: A Java Serialization vulnerability was found in Apache Tapestry 4, where it attempts to deserialize the sp parameter before invoking the page's validate method, leading to deserialization without...
jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
The vulnerability of the Serialization component in Java SE and Java SE Embedded software platforms allows a attacker to trigger a service failure.
The vulnerability of the Serialization component in Java SE and Java SE Embedded software platforms is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to cause service failures through various network protocols...
jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
DEBIAN-CVE-2020-2757
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
UBUNTU-CVE-2020-2756
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
Design/Logic Flaw
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded aka commons-jelly...
Design/Logic Flaw
An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::sharedptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::sharedptr variable goes out of scope and is freed, and a new std::sharedptr is allocated at the same...
The vulnerability in the Serialization component of Oracle Java SE and Java SE Embedded software platforms allows a hacker to gain full control over the application.
The vulnerability of the Serialization component in Oracle Java SE and Java SE Embedded software platforms is related to access control deficiencies. Exploiting this vulnerability can allow an attacker to gain full control over the application...
The vulnerability of the Serialization component in Oracle Java SE and Oracle Java SE Embedded software platforms allows a attacker to cause partial service disruption.
The vulnerability of the Serialization component in Oracle Java SE and Oracle Java SE Embedded software platforms is related to an exception handling error. Exploiting this vulnerability can allow a malicious actor to cause partial service interruption remotely...
DEBIAN-CVE-2019-10912
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to...
CVE-2018-9522
In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not...
kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service
A flaw was found in the Linux kernel's handling of loopback devices. An attacker, who has permissions to setup loopback disks, may create a denial of service or other unspecified actions...
CVE-2018-16364
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share...