249 matches found

OSV
added 2024/11/10 11:54 p.m. (4 views)

USN-7099-1 openjdk-21 vulnerabilities

Andy Boothe discovered that the Networking component of OpenJDK 21 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. CVE-2024-21208 It was discovered that the Hotspot component of OpenJDK 21 did not...

CVSS 4.8, AI score 6.7, EPSS 0.01157
Exploits: 0, References: 5

BDU FSTEC
added 2024/10/23 12:0 a.m. (2 views)

The vulnerability of the Serialization component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform allows a perpetrator to trigger a service failure.

The vulnerability of the Serialization component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

CVSS 3.7, AI score 6.4, EPSS 0.01157
Exploits: 0, References: 10, Affected Software: 7

BDU FSTEC
added 2024/10/23 12:0 a.m. (3 views)

The vulnerability of the Hotspot component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform allows a malicious individual to gain unauthorized access to read, modify, or delete data.

The vulnerability of the Serialization component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker, operating remotely, to gain...

CVSS 4.8, AI score 6.5, EPSS 0.0095
Exploits: 0, References: 10, Affected Software: 7

RedHat Linux
added 2024/10/16 7:6 p.m. (5 views)

JDK: Unbounded allocation leads to out-of-memory error (8331446)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;...

CVSS 3.7, AI score 7.4, EPSS 0.01157
Exploits: 0, References: 4

RedHat Linux
added 2024/10/16 3:2 p.m. (3 views)

JDK: Unbounded allocation leads to out-of-memory error (8331446)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;...

CVSS 3.7, AI score 7.4, EPSS 0.01157
Exploits: 0, References: 4

OSV
added 2024/10/15 8:15 p.m. (3 views)

DEBIAN-CVE-2024-21217

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;...

CVSS 3.7, AI score 5.9, EPSS 0.01157
Exploits: 0, References: 1

OSV
added 2024/10/15 8:15 p.m. (2 views)

UBUNTU-CVE-2024-21217

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;...

CVSS 3.7, AI score 6.8, EPSS 0.01157
Exploits: 0, References: 10

F5 Networks
added 2024/10/07 3:15 a.m. (28 views)

K000141355: Multiple PHP vulnerabilities

Security Advisory Description CVE-2016-4342 ext/phar/pharobject.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact v...

CVSS 8.8, AI score 9.2, EPSS 0.13314
Exploits: 5

Gitee
added 2024/05/24 3:43 p.m. (61 views)

Poc

This repository contains a collection of proof-of-concept PoC exploits and tools for various vulnerabilities. The primary focus is on Java-based exploits, with some Python scripts also present. The Java exploits target vulnerabilities in Java applications, including a deserialization vulnerabilit...

AI score 7.6
Exploits: 0

RedHat Linux
added 2024/05/21 2:18 p.m. (3 views)

logback: A serialization vulnerability in logback receiver

A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption 'Resource Exhaustion' via the logback receiver component. This flaw allows an attacker to mount a denial-of-service attack by sending poisoned data...

CVSS 7.5, AI score 7.1, EPSS 0.00682
Exploits: 0, References: 4

RedHat Linux
added 2024/03/18 9:47 a.m. (1 view)

logback: A serialization vulnerability in logback receiver

A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption 'Resource Exhaustion' via the logback receiver component. This flaw allows an attacker to mount a denial-of-service attack by sending poisoned data...

CVSS 7.5, AI score 7.1, EPSS 0.00682
Exploits: 0, References: 4

RedHat Linux
added 2024/02/12 6:1 p.m. (1 view)

logback: A serialization vulnerability in logback receiver

A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption 'Resource Exhaustion' via the logback receiver component. This flaw allows an attacker to mount a denial-of-service attack by sending poisoned data...

CVSS 7.5, AI score 7.1, EPSS 0.00682
Exploits: 0, References: 4

RedHat Linux
added 2024/02/12 6:1 p.m. (68 views)

Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 4.0.3 release security update

Red Hat Integration Camel for Spring Boot 4.0.3 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

CVSS 7.5, AI score 6.8, EPSS 0.009
Exploits: 1, References: 4

Atlassian
added 2024/01/17 6:46 a.m. (34 views)

DoS (Denial of Service) ch.qos.logback:logback-classic Dependency in Confluence Data Center and Server

This High severity ch.qos.logback:logback-classic Dependency vulnerability was introduced in versions 6.0.1 of Confluence Data Center and Server. This ch.qos.logback:logback-classic Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...

CVSS 7.5, AI score 7.1, EPSS 0.00682
Exploits: 0

GithubExploit
added 2023/12/29 2:25 a.m. (580 views)

Exploit for Server-Side Request Forgery in Apache Ofbiz

CVE-2023-51467 exp.py changed to command execution P...

CVSS 9.8, AI score 7.7, EPSS 0.96001
Exploits: 12

OSV
added 2023/12/22 11:6 a.m. (8 views)

OESA-2023-1946 logback security update

Logback is intended as a successor to the popular log4j project. Security Fixes: A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. CVE-2023-6378 A serialization vulnerability ...

CVSS 7.5, AI score 8.9, EPSS 0.009
Exploits: 0, References: 3

Github Security Blog
added 2023/12/04 9:30 a.m. (71 views)

Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

CVSS 7.5, AI score 6.7, EPSS 0.00682
Exploits: 0, References: 6, Affected Software: 1

CVE
added 2023/12/04 8:35 a.m. (438 views)

CVE-2023-6481

CVE-2023-6481 concerns the logback receiver component in logback, affected in versions 1.4.13, 1.3.13, and 1.2.12. It describes a serialization vulnerability that enables a Denial-of-Service attack when poisoned data is received. The connected documents corroborate a DoS impact and reference mult...

CVSS 7.5, AI score 7, EPSS 0.009
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2023/11/29 12:15 p.m. (9 views)

CVE-2023-6378

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

CVSS 7.5, AI score 7.2
Exploits: 0, References: 2

NVD
added 2023/11/29 12:15 p.m. (25 views)

CVE-2023-6378

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

CVSS 7.5, EPSS 0.009
Exploits: 0, References: 2