
4172 matches found

Redos
added 2023/06/19 12:0 a.m. · 21 views

ROS-20230619-06

A vulnerability in the protobuf-c data serialization protocol is related to an integer overflow in the function parse_required_member. Exploitation of the vulnerability could allow an attacker acting remotely to cause a complete compromise of the vulnerable system...

CVSS 5.5 · AI score 6.2 · EPSS 0.0003
Exploits: 0

IBM Security Bulletins
added 2023/06/16 7:43 p.m. · 28 views

Security Bulletin: IBM Sterling Control Center is vulnerable to denial of service due to Java SE (CVE-2023-21830, CVE-2023-21843)

Summary: IBM Sterling Control Center uses Java SE. Vulnerability Details: CVEID: CVE-2023-21830. DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a denial of service resulting in a low integrity impact using unknown...

CVSS 5.3 · AI score 5.2 · EPSS 0.00127
Exploits: 0 · Affected Software: 1

RedHat Linux
added 2023/06/15 3:23 p.m. · 6 views

woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks

A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...

CVSS 7.5 · AI score 7.2 · EPSS 0.00803
Exploits: 1 · References: 5

RedHat Linux
added 2023/06/15 12:17 a.m. · 4 views

jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode

A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization...

CVSS 7.5 · AI score 6.8 · EPSS 0.0025
Exploits: 1 · References: 4

Tenable Nessus
added 2023/06/09 12:0 a.m. · 33 views

EulerOS 2.0 SP5 : java-1.8.0-openjdk (EulerOS-SA-2023-2150)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported...

CVSS 5.3 · AI score 6.5 · EPSS 0.00127
Exploits: 0 · References: 3

IBM Security Bulletins
added 2023/05/31 9:21 p.m. · 46 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow

Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVEs. Vulnerability Details:...

CVSS 5.3 · AI score 5.5 · EPSS 0.00127
Exploits: 0 · Affected Software: 1

Kitploit
added 2023/05/26 12:30 p.m. · 17 views

EntropyReducer - Reduce Entropy And Obfuscate Youre Payload With Serialized Linked Lists

EntropyReducer: Reduce The Entropy Of Youre Payload And Obfuscate It With Serialized Linked Lists. How Does It Work: The EntropyReducer algorithm is determined by the BUFFSIZE and NULLBYTES values. The following is how EntropyReducer would organize your payload if BUFFSIZE was set to 4 and NULLBYTES to 2...

AI score 7.5
Exploits: 0 · References: 23

IBM Security Bulletins
added 2023/05/26 3:32 a.m. · 28 views

Security Bulletin: IBM Sterling Connect:Direct Browser User Interface vulnerable to multiple issues due to IBM Runtime Environment Java

Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2023-21830. DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization...

CVSS 5.3 · AI score 5.6 · EPSS 0.00127
Exploits: 0 · Affected Software: 1

RedHat Linux
added 2023/05/24 5:13 p.m. · 4 views

jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode

A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization...

CVSS 7.5 · AI score 6.8 · EPSS 0.0025
Exploits: 1 · References: 4

RedHat Linux
added 2023/05/24 5:13 p.m. · 3 views

woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks

A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...

CVSS 7.5 · AI score 7.2 · EPSS 0.00803
Exploits: 1 · References: 5

RedHat Linux
added 2023/05/24 5:13 p.m. · 4 views

xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks

A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization...

CVSS 7.5 · AI score 7.3 · EPSS 0.00258
Exploits: 1 · References: 4

IBM Security Bulletins
added 2023/05/19 5:5 p.m. · 49 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary: There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2022-21426. DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated...

CVSS 7.5 · AI score 7.1 · EPSS 0.00127
Exploits: 0 · Affected Software: 2

RedHat Linux
added 2023/05/18 9:54 a.m. · 3 views

jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode

A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization...

CVSS 7.5 · AI score 6.8 · EPSS 0.0025
Exploits: 1 · References: 4

Tenable Nessus
added 2023/05/14 12:0 a.m. · 72 views

AlmaLinux 9 : qemu-kvm (ALSA-2023:2162)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2162 advisory. - An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use...

CVSS 6.5 · AI score 7.2 · EPSS 0.00151
Exploits: 1 · References: 3

Positive Technologies
added 2023/05/07 12:0 a.m. · 1 views

PT-2023-35815 · Git +1 · Harfbuzz

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue is identified, potentially causing a crash. The crash occurs in the sort_r_simple function and involves the...

AI score 6.8
Exploits: 0 · References: 2

IBM Security Bulletins
added 2023/05/05 4:58 p.m. · 26 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (January 2023) affect IBM InfoSphere Information Server

Summary: There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2023 and April 2022. Vulnerability Details: CVEID: CVE-2023-21830. DESCRIPTION:...

CVSS 5.3 · AI score 6.6 · EPSS 0.00127
Exploits: 0 · Affected Software: 1

RedHat Linux
added 2023/05/03 3:54 p.m. · 3 views

jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode

A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization...

CVSS 7.5 · AI score 6.8 · EPSS 0.0025
Exploits: 1 · References: 4

RedHat Linux
added 2023/05/03 2:5 p.m. · 2 views

xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks

A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization...

AI score 7.3
Exploits: 0 · References: 4

RedHat Linux
added 2023/05/03 2:5 p.m. · 3 views

xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks

A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization...

CVSS 7.5 · AI score 7.3 · EPSS 0.00258
Exploits: 1 · References: 4

IBM Security Bulletins
added 2023/05/02 10:13 p.m. · 29 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind

Summary: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of FasterXML jackson-databind. Vulnerability Details: CVEID: CVE-2021-46877. DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a flaw when using JDK serialization for...

CVSS 7.5 · AI score 7.3 · EPSS 0.0025
Exploits: 1 · Affected Software: 1