Advisory ROSA-SA-2023-2136
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21365 BDU-ID: 2022-02011 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the ImageIO component of the Oracle Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine i...
CVE-2023-26547
The InputMethod module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation...
CVE-2023-26548
The pgmng module has a vulnerability in serialization/deserialization. Successful exploitation of this vulnerability may affect availability...
Privilege escalation
The InputMethod module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation...
CVE-2023-26547
Technical details about CVE-2023-26547 are not publicly available in the provided documents. No concrete information on affected products, versions, root cause specifics, exploitation status, or fixes is present here. Monitor for updates.
PT-2023-20721 · Unknown · Inputmethod
Name of the Vulnerable Software and Affected Versions: InputMethod module affected versions not specified Description: The issue is related to a serialization/deserialization mismatch in the InputMethod module. This could potentially lead to privilege escalation if successfully exploited...
CVE-2023-26548
The CVE-2023-26548 entry concerns the pgmng module with a vulnerability in serialization/deserialization that could affect availability. Connected documents corroborate a vulnerability in that module and describe potential availability impact, but do not provide concrete affected versions, exploi...
PT-2023-20722 · Pgmng · Pgmng
Name of the Vulnerable Software and Affected Versions: pgmng module affected versions not specified Description: The issue concerns a vulnerability in the serialization/deserialization process of the pgmng module. Successful exploitation may impact availability. Recommendations: At the moment,...
NVFLARE < 2.1.4 - Unsafe Deserialization due to Pickle
Exploit Title: NVFLARE 2.1.4 - Unsafe Deserialization due to Pickle Exploit Author: Elias Hohl Google Dork: N/A Date: 2022-06-21 Vendor Homepage: https://www.nvidia.com Software Link: https://github.com/NVIDIA/NVFlare Version: 2.1.4 Tested on: Ubuntu 20.04 CVE : CVE-2022-34668...
Deserialization of untrusted data
Versionize is a framework for version tolerant serialization/deserialization of Rust data structures, designed for use cases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...
CVE-2023-28448 Versionize is lacking bound checks, potentially leading to out of bounds memory access
Versionize is a framework for version tolerant serialization/deserialization of Rust data structures, designed for use cases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...
CVE-2023-28448
CVE-2023-28448 affects the Versionize crate used with vmm_sys_utils::FamStructWrapper. The root cause is missing bound checks in Versionize::deserialize, enabling potential out-of-bounds memory accesses. The issue starts with version 0.1.1 and was fixed in 0.1.10 by adding a check that compares l...
Versionize buffer error vulnerability
Versionize is a framework for version-tolerant serialization/deserialization of Rust data structures, designed for use cases that require fast deserialization times and minimal size overhead. Versionize suffers from a buffer error vulnerability that stems from an out-of-bounds memory access issue...
SUSE CVE-2022-42334
x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...