249 matches found
PT-2019-17012 · IBM · IBM WebSphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5 through 9.0 Description: The issue allows a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. Recommendations:...
GHSA-CHP4-RV79-68J3 Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization
In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when vulnerable third-party classes are present in the Ignite classpath. The vulnerability can be exploited if the one...
ZOHO ManageEngine Applications Manager Serialization Vulnerability
ZOHO ManageEngine Applications Manager is a suite of IT operations and maintenance management solutions from the US company ZOHO (ZhuoHao). The product provides application performance management, fault management, report generation, SLA management and other functions. A serialization...
CVE-2018-16364
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share...
Remote code execution
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share...
CVE-2018-16364
Zoho ManageEngine Applications Manager is affected by a serialization vulnerability that enables remote code execution on Windows when handling a payload on an SMB share. The flaw exists in builds prior to 13740. The vulnerability is exploitable over the network and does not require user interact...
CVE-2018-1000224
Godot Engine, all versions prior to 2.1.5 and all 3.0 versions prior to 3.0.6, contains signed/unsigned comparison, wrong buffer size checks, integer overflow, and missing padding initialization vulnerabilities in the deserialization functions in core/io/marshalls.cpp that can result in DoS packet of...
Important: Red Hat Security Advisory: Red Hat Decision Manager 7.0.1 bug fix and security update
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...
Security Bulletin: A vulnerability in IBM WebSphere Application Server may affect IBM Streams (CVE-2016-5983)
Summary There is a serialization vulnerability in IBM WebSphere Application Server which is used by IBM Streams. IBM Streams has addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-5983 DESCRIPTION: IBM WebSphere Application Server could allow remote attackers to execute arbitrary...
CVE-2018-1295
In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when vulnerable third-party classes are present in the Ignite classpath. The vulnerability can be exploited if the one...
JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization)
Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...
CVE-2016-6814
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized...
OpenJDK: unbounded memory allocation in ObjectInputStream deserialization (Serialization, 8181597)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
UBUNTU-CVE-2017-10281
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacke...
Oracle Java SE, Java SE Embedded and JRockit Component Denial of Service Vulnerabilities
Oracle Java SE, Java SE Embedded, and JRockit are products of Oracle Corporation. Java SE (Java Platform Standard Edition) is used to develop and deploy Java applications for desktops, servers, embedded devices and real-time environments; Java SE Embedded is a powerful, reliable, and portable...
Oracle Java SE, Java SE Embedded and JRockit Component Denial of Service Vulnerabilities
Oracle Java SE is the standard version of Oracle's Java platform for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments, and Java SE and Java SE Embedded are components of Java SE Embedded, a Java platform for developing powerful,...
Java SE and JRockit Denial of Service Vulnerabilities
Java SE stands for Java Platform Standard Edition and is used to develop and deploy Java applications on desktops, servers, and embedded devices and in real-time environments. The JRockit family of products is a comprehensive portfolio of Java runtime solutions that includes the industry's fastest...