Lucene search
K

81 matches found

Microsoft CVE
Microsoft CVE
added 2022/01/22 8:0 a.m.6 views

Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of Oracle Java SE Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments typically in clients running sandboxed Java Web Start applications or sandboxed Java applets that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component e.g. through a web service which supplies

...

4.3CVSS6AI score0.03763EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/11/17 12:0 a.m.6 views

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats allows attackers to download files of dangerous types indefinitely. This enables attackers to upload and execute arbitrary code from a remote host.

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability could allow an attacker to download and execute arbitrary code from a remote host by...

10CVSS7AI score0.7598EPSS
Exploits1References19Affected Software29
BDU FSTEC
BDU FSTEC
added 2021/10/05 12:0 a.m.6 views

The vulnerability of the Flask software’s extension relates to insecure privilege management. This allows attackers to access sensitive data, compromise its integrity, and cause service failures.

The vulnerability of the Flask extension relates to an error in the use of Pickle for serialization. Exploiting this vulnerability can allow a remote attacker to access sensitive data, compromise its integrity, and cause service failures...

9.8CVSS7.8AI score0.07288EPSS
Exploits3References4Affected Software2
Prion
Prion
added 2021/01/07 12:15 a.m.26 views

Design/Logic Flaw

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS...

6.8CVSS8.6AI score0.05018EPSS
Exploits2References10Affected Software43
Prion
Prion
added 2021/01/06 11:15 p.m.30 views

Design/Logic Flaw

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource...

6.8CVSS8.6AI score0.05218EPSS
Exploits1References10Affected Software43
Positive Technologies
Positive Technologies
added 2020/12/08 12:0 a.m.4 views

PT-2020-15035 · Apache · Apache Tapestry

Name of the Vulnerable Software and Affected Versions: Apache Tapestry version 4 Description: A Java Serialization vulnerability was found in Apache Tapestry 4, where it attempts to deserialize the sp parameter before invoking the page's validate method, leading to deserialization without...

9.8CVSS7.2AI score0.09732EPSS
Exploits1References13
RedHat Linux
RedHat Linux
added 2020/07/28 3:54 p.m.3 views

jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1CVSS7.1AI score0.08607EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2020/06/02 12:0 a.m.5 views

The vulnerability of the Serialization component in Java SE and Java SE Embedded software platforms allows a attacker to trigger a service failure.

The vulnerability of the Serialization component in Java SE and Java SE Embedded software platforms is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to cause service failures through various network protocols...

4.3CVSS6.4AI score0.04211EPSS
Exploits0References11Affected Software6
RedHat Linux
RedHat Linux
added 2020/05/26 4:9 p.m.4 views

jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7.4AI score0.05681EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/04/22 9:36 a.m.4 views

OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3CVSS7.3AI score0.04211EPSS
Exploits0References4
OSV
OSV
added 2020/04/15 2:15 p.m.3 views

DEBIAN-CVE-2020-2757

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

3.7CVSS5.8AI score0.04211EPSS
Exploits0References1
OSV
OSV
added 2020/04/15 2:15 p.m.2 views

UBUNTU-CVE-2020-2756

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

3.7CVSS6.7AI score0.04211EPSS
Exploits0References4
Prion
Prion
added 2020/04/07 11:15 p.m.29 views

Design/Logic Flaw

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded aka commons-jelly...

6.8CVSS8.6AI score0.05594EPSS
Exploits0References8Affected Software17
Prion
Prion
added 2020/03/30 10:15 p.m.14 views

Design/Logic Flaw

An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::sharedptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::sharedptr variable goes out of scope and is freed, and a new std::sharedptr is allocated at the same...

7.5CVSS9.3AI score0.01977EPSS
Exploits1References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/02/06 12:0 a.m.4 views

The vulnerability in the Serialization component of Oracle Java SE and Java SE Embedded software platforms allows a hacker to gain full control over the application.

The vulnerability of the Serialization component in Oracle Java SE and Java SE Embedded software platforms is related to access control deficiencies. Exploiting this vulnerability can allow an attacker to gain full control over the application...

8.1CVSS7.4AI score0.04903EPSS
Exploits0References14Affected Software8
BDU FSTEC
BDU FSTEC
added 2019/11/04 12:0 a.m.3 views

The vulnerability of the Serialization component in Oracle Java SE and Oracle Java SE Embedded software platforms allows a attacker to cause partial service disruption.

The vulnerability of the Serialization component in Oracle Java SE and Oracle Java SE Embedded software platforms is related to an exception handling error. Exploiting this vulnerability can allow a malicious actor to cause partial service interruption remotely...

3.7CVSS6.4AI score0.03749EPSS
Exploits0References12Affected Software6
OSV
OSV
added 2019/05/16 10:29 p.m.1 views

DEBIAN-CVE-2019-10912

In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to...

7.1CVSS6.9AI score0.02302EPSS
Exploits0References1
OSV
OSV
added 2018/11/14 6:29 p.m.5 views

CVE-2018-9522

In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not...

7.8CVSS5.8AI score0.00178EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2018/10/30 10:4 a.m.8 views

kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service

A flaw was found in the Linux kernel's handling of loopback devices. An attacker, who has permissions to setup loopback disks, may create a denial of service or other unspecified actions...

7.8CVSS7AI score0.00367EPSS
Exploits0References4
OSV
OSV
added 2018/09/26 9:29 p.m.5 views

CVE-2018-16364

A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share...

8.1CVSS6.3AI score0.15075EPSS
Exploits1References1
Rows per page
Query Builder