4172 matches found
Remote code execution
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...
CVE-2023-27372
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...
UBUNTU-CVE-2023-27372
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...
CVE-2023-25575: Secured properties may be accessible within collections
Impact Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON, which is enabled by default when installing API Platform. Custom serialization...
USN-5898-1: OpenJDK vulnerabilities
It was discovered that the Serialization component of OpenJDK did not properly handle the deserialization of some CORBA objects. An attacker could possibly use this to bypass Java sandbox restrictions. CVE-2023-21830 Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not properl...
api-platform/core's secured properties may be accessible within collections
API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...
API Platform security vulnerability
API Platform is an open source web framework for creating API-first projects. A security vulnerability exists in API Platform Core that stems from a serialization formatting error, which can be exploited by an attacker to disclose data...
CVE-2023-27372
SPIP CVE-2023-27372 is a remote code execution vulnerability present in SPIP versions prior to 4.2.1 due to mishandled serialization in the public area (oubli parameter) used by the password-reset flow. The underlying issue is a deserialization flaw in the Spip code path (ecrire/inc/filtres.php, ...
SPIP security vulnerability
SPIP is a freeware program from SPIP for creating Internet sites. A security vulnerability exists in SPIP versions prior to 4.2.1, which stems from improper serialization handling and can be exploited by an attacker to remotely execute code...
PT-2023-20173 · Unknown · Api Platform Core
Name of the Vulnerable Software and Affected Versions: API Platform Core versions 2.7 through 2.7.9; versions 3.0 through 3.0.11 (3.0.12 is not affected); versions 3.1 through 3.1.2. Description: Resource properties secured with the security option of the...
PT-2023-6830
Name of the Vulnerable Software and Affected Versions: SPIP versions prior to 4.2.1 (the fixed versions are 3.2.18, 4.0.10, 4.1.8 and 4.2.1 on their respective branches); the Debian package version listed is 3.2.11-3+deb11u7. Description: SPIP is susceptible to a flaw related to the improper handling of untrusted data during memory...
Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2023-003)
The version of java-11-openjdk installed on the remote host is prior to 11.0.18.0.10-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2023-003 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java ...
Medium: java-11-openjdk
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to...
Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2023-1963)
The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.362.b08-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1963 advisory. Improve CORBA communication: CORBA deserialization can result in outbound network connections with data passed i...
K25893729: Apache Dubbo vulnerability CVE-2021-25641
Security Advisory Description Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by tampering with the byte preamb...
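The Dubbo advisory above turns on one header byte: the low five bits of the flag byte name the serialization the Provider should use to decode the body, and before 2.7.8 / 2.6.9 the Provider trusted that byte instead of the serialization it was configured to speak. The following is an added illustration, not code from the Dubbo project or the advisory, written in Python so the frames can be built and inspected offline. The 16-byte header layout and the id-to-serializer mapping are assumptions taken from Dubbo's published protocol description; the request bodies are constructed sample data.

```python
import struct

# Assumed Dubbo frame header (16 bytes), per the public protocol description:
#   magic (2 bytes, 0xdabb) | flag (1 byte) | status (1 byte) |
#   request id (8 bytes, big-endian) | body length (4 bytes, big-endian)
# flag bits: 0x80 = request, 0x40 = two-way, 0x20 = event,
#            low 5 bits = serialization id chosen for the body.
MAGIC = 0xDABB
FLAG_REQUEST = 0x80
FLAG_TWOWAY = 0x40
SERIALIZATION_MASK = 0x1F
HEADER_LEN = 16
HEADER_FMT = ">HBBqI"

# Serialization ids as assumed for this illustration (they follow Dubbo's
# published constants; only the mismatch logic below matters for the CVE).
SERIALIZATION_NAMES = {
    2: "hessian2",
    3: "java",
    4: "compactedjava",
    6: "fastjson",
    7: "nativejava",
    8: "kryo",
    9: "fst",
}


def build_request(serialization_id, request_id, body):
    """Encode a two-way request frame whose flag byte carries serialization_id."""
    if not 0 <= serialization_id <= SERIALIZATION_MASK:
        raise ValueError("serialization id must fit in 5 bits")
    flag = FLAG_REQUEST | FLAG_TWOWAY | serialization_id
    header = struct.pack(HEADER_FMT, MAGIC, flag, 0, request_id, len(body))
    return header + body


def parse_header(frame):
    """Split a frame into its header fields and body; the body is not decoded."""
    if len(frame) < HEADER_LEN:
        raise ValueError("short frame")
    magic, flag, _status, request_id, body_len = struct.unpack(
        HEADER_FMT, frame[:HEADER_LEN])
    if magic != MAGIC:
        raise ValueError("bad magic")
    return {
        "is_request": bool(flag & FLAG_REQUEST),
        "serialization_id": flag & SERIALIZATION_MASK,
        "request_id": request_id,
        "body": frame[HEADER_LEN:HEADER_LEN + body_len],
    }


def tamper_serialization_id(frame, new_id):
    """The attacker's move: rewrite only the low 5 bits of the flag byte (offset 2)."""
    flag = (frame[2] & ~SERIALIZATION_MASK) | (new_id & SERIALIZATION_MASK)
    return frame[:2] + bytes([flag]) + frame[3:]


def choose_deserializer_vulnerable(frame, server_serialization_id):
    """Pre-fix behaviour: the Provider picks the deserializer from the id in the
    client-supplied header. server_serialization_id is deliberately ignored,
    which is exactly the flaw the advisory describes."""
    hdr = parse_header(frame)
    return SERIALIZATION_NAMES.get(hdr["serialization_id"], "unknown")


def choose_deserializer_fixed(frame, server_serialization_id):
    """Fixed behaviour: reject any frame whose serialization id differs from the
    one the Provider is configured with, before touching a single body byte."""
    hdr = parse_header(frame)
    if hdr["serialization_id"] != server_serialization_id:
        raise ValueError("serialization id %d does not match configured %d"
                         % (hdr["serialization_id"], server_serialization_id))
    return SERIALIZATION_NAMES[server_serialization_id]


if __name__ == "__main__":
    # Constructed scenario: a Provider configured for hessian2 (id 2).
    server_id = 2
    legit = build_request(server_id, 1, b"constructed hessian2 body")
    # The attacker flips the serialization id to 3 (java serialization) and
    # keeps everything else in the frame untouched.
    tampered = tamper_serialization_id(legit, 3)
    print("vulnerable provider would decode with:",
          choose_deserializer_vulnerable(tampered, server_id))
    try:
        choose_deserializer_fixed(tampered, server_id)
    except ValueError as exc:
        print("fixed provider rejects the frame:", exc)
```

The hardened check is the whole fix in spirit: the Provider advertises one serialization and refuses frames that claim another, so the client can no longer route an arbitrary body into, say, a native Java deserializer that the server never intended to expose. Anything beyond the id comparison (which deserializers are registered at all, allow-listing of classes) is defence in depth on top of it.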
K77535578: Multiple Java SE client-side vulnerabilities
Security Advisory Description CVE-2016-0636 Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component. CVE-2016-0686 Unspecified vulnerability in Oracle...
CVE-2022-48282
Under very specific circumstances (see the Required configuration section below), a privileged user is able to cause arbitrary code to be executed, which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and...