OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

The vulnerability of the serialization mechanism in Firefox web browsers, Firefox ESR, and the Thunderbird email client arises from the lack of checks on the size of input data when using buffers. This allows attackers to gain unauthorized access to confidential data, cause service failures, and compromise data integrity.

The vulnerability of the serialization mechanism in Firefox web browsers, Firefox ESR, and the Thunderbird email client is related to the lack of checks on the size of input data when using buffers. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential...

Important: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

Unspecified Vulnerability in Oracle Java SE and Java SE Embedded Serialization Component

Oracle Java SE and Oracle Java SE Embedded are both products of Oracle Corporation.Oracle Java SE is a Java platform for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments.Oracle Java SE Embedded is a Java platform that targets Java...

UBUNTU-CVE-2020-2757

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

PT-2020-2544

Name of the Vulnerable Software and Affected Versions Java SE versions 7u251, 8u241, 11.0.6, and 14 Java SE Embedded version 8u241 Description The issue is related to the Serialization component and is difficult to exploit, allowing an unauthenticated attacker with network access via multiple...

CVE-2020-11104

An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an initialized C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information such as memory layout or private keys can be gleaned if...

CVE-2020-10969

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane...

CVE-2020-10673

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef aka caucho-quercus...

OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2020:0456-1)

This update for java-171-ibm fixes the following issues : Java was updated to 7.1 Service Refresh 4 Fix Pack 60 bsc1162972, bsc1160968. Security issues fixed : CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport bsc1162972. CVE-2020-2593: Fixed an incorrect check in...

SUSE-SU-2020:14287-1 Security update for java-1_7_1-ibm

This update for java-171-ibm fixes the following issues: Java was updated to 7.1 Service Refresh 4 Fix Pack 60 bsc1162972, bsc1160968. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport bsc1162972. - CVE-2020-2593: Fixed an incorrect check in...

SUSE-SU-2020:14286-1 Security update for java-1_7_0-ibm

This update for java-170-ibm fixes the following issues: Java was updated to 7.0 Service Refresh 10 Fix Pack 60 bsc1162972, bsc1160968. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport bsc1162972. - CVE-2020-2593: Fixed an incorrect check in...

The vulnerability of the Serialization component in Oracle Java SE and Java SE Embedded software platforms allows a attacker to trigger a service failure.

The vulnerability of the Serialization component in Oracle Java SE and Java SE Embedded software platforms is related to the provision of unlimited memory resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

DEBIAN-CVE-2020-2604

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

UBUNTU-CVE-2020-2583

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

PT-2020-1476

Name of the Vulnerable Software and Affected Versions Java SE versions 7u241, 8u231, 11.0.5, and 13.0.1 Java SE Embedded version 8u231 Description The issue is related to insufficient access control in the Serialization component of Oracle Java SE and Java SE Embedded. It can be exploited by an...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind

Summary IBM Watson Discovery for IBM Cloud Pak for Data ships with versions of FasterXML jackson-databind vulnerable to serialization gadgets. Vulnerability Details CVEID: CVE-2019-17531 DESCRIPTION: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. Whe...

OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...