CVE-2022-40151 Stack Buffer Overflow in xstream

Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...

Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2022-1835)

The version of java-1.7.0-openjdk installed on the remote host is prior to 1.7.0.321-2.6.28.2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1835 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

Important: java-1.7.0-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2022-1633)

The version of java-1.7.0-openjdk installed on the remote host is prior to 1.7.0.321-2.6.28.1.86. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1633 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

Security Bulletin: Multiple vulnerabilities have been identified in IBM Java 8 shipped with IBM® Intelligent Operations Center (CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-20)

Summary Multiple vulnerabilities have been identified in Oracle January 2022 CPU for Java 8 which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs...

security/keycloak -- Multiple possible DoS attacks

CIRCL reports: CVE-2022-41966: XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. CVE-2022-40151: I...

Amazon Linux 2022 : java-latest-openjdk, java-latest-openjdk-demo, java-latest-openjdk-devel (ALAS2022-2022-037)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-037 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311,...

GHSA-72X9-48MC-PHH6 Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data

Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details o...

Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data

Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details o...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.4)

The version of AOS installed on the remote host is prior to 5.20.4. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20.4 advisory. - In Expat aka libexpat before 2.4.5, there is an integer overflow in storeRawNames. CVE-2022-25315 - CVE-2020-9493 identified ...

NVFLARE unsafe deserialization due to Pickle

Impact NVFLARE contains a vulnerability where deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. All versions before 2.1.4 are affected. CVSS Score =...

Security Bulletin: Netcool Operations Insight v1.6.5 contains fixes for multiple security vulnerabilities.

Summary Security Bulletin: Netcool Operations Insight v1.6.5 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-44521 DESCRIPTION: Apache Cassandra could allow a remote authenticated attacker to execute arbitrary code on the system...

CVE-2022-37023

Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details o...

CVE-2022-37023 Apache Geode deserialization of untrusted data flaw when using REST API on Java 8 or Java 11

Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details o...

PT-2022-22281 · Nvflare · Nvflare

Name of the Vulnerable Software and Affected Versions: NVFLARE versions prior to 2.1.4 Description: The issue concerns deserialization of untrusted data due to Pickle usage, which may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and impact both...

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2022-1631)

The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.342.b07-0.68. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1631 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

HackerOne: Ability to escape database transaction through SQL injection, leading to arbitrary code execution

HackerOne has an internal backend interface that gives debugging capabilities to its engineers. One of the features is the ability to run EXPLAIN ANALYZE queries against a connected database. This feature is accessible by a handful of engineers. The feature is vulnerable to a SQL injection that...

PT-2022-37165 · Unknown · Com.Fasterxml.Jackson.Core

Name of the Vulnerable Software and Affected Versions: com.fasterxml.jackson.core affected versions not specified Description: The issue is related to a security exception that occurs during the serialization of an ArrayNode. The crash state indicates that the problem arises in the...

CVE-2016-3709

A Cross-site scripting XSS vulnerability was found in libxml2. A specially crafted input, when serialized and re-parsed by the libxml2 library, will result in a document with element attributes that did not exist in the original document...

GSD-2022-1004260 filemap: Fix serialization adding transparent huge pages to page cache

filemap: Fix serialization adding transparent huge pages to page cache This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.8 by commit...