CVE-2022-24866 Exposure of Sensitive Information to an Unauthorized Actor in Discourse Assign
Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could...
EulerOS 2.0 SP8 : java-1.8.0-openjdk (EulerOS-SA-2022-1571)
According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported...
GHSA-5V4M-C73V-C7GQ Arbitrary Code Execution in Cookie Serialization
The default serialization used by Plug session may result in code execution in certain situations. Keep in mind, however, the session cookie is signed and this attack can only be exploited if the attacker has access to your secret key as well as your signing/encryption salts. We recommend users t...
The vulnerability of the Serialization component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows attackers to compromise data integrity.
The vulnerability of the Serialization component in the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker to compromise the integrity of data...
Qualcomm chip code issue vulnerability
A Qualcomm chip is a chip produced by Qualcomm Incorporated (USA). A chip is a way of miniaturizing circuits, consisting primarily of semiconductor devices but also passive components, manufactured on the surface of semiconductor wafers. A code issue vulnerability exists in multiple Qualcomm...
Design/Logic Flaw
Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server...
Amazon Corretto Java 8.x < 8.242.07.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 8.242.07.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2020-Jan-14 advisory. - OpenJFX libxslt CVE-2019-13117, CVE-2019-13118 - OpenJFX SQLite CVE-2019-16168 - Serialization...
Amazon Corretto Java 11.x < 11.0.6.10.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 11.0.6.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-11-2020-Jan-15 advisory. - Serialization CVE-2020-2583, CVE-2020-2604 - Security CVE-2020-2590, CVE-2020-2601 - Networking...
Amazon Corretto Java 17.x < 17.0.2.8.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 17.0.2.8.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-17-2022-Jan-18 advisory. - core-libs/java.io:serialization CVE-2022-21248, CVE-2022-21341 - client-libs/javax.imageio...
SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2022:1025-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1025-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization...
SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2022:1027-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1027-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization...
openSUSE 15 Security Update : java-1_8_0-ibm (openSUSE-SU-2022:1027-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:1027-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported...
ZKar - A Java Serialization Protocol Analysis Tool Implemented in Go
ZKar is a Java serialization protocol analysis tool implemented in Go. This tool is still a work in progress, so there is no complete API documentation or contribution guide yet. ZKar provides: a Java serialization payload parser and viewer in pure Go, with no CGO or JDK required. From the Java serialization protocol ...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect SPSS Collaboration and Deployment Services
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 and 8 used by SPSS Collaboration and Deployment Services. These issues were disclosed as part of the IBM Java SDK updates. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability i...
RHEL 7 : java-1.8.0-ibm (RHSA-2022:0968)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0968 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...
RHEL 8 : java-1.8.0-ibm (RHSA-2022:0970)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0970 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Netcool Performance Manager
Summary Apache-Log4j - CVE-2021-4104, Apache-Log4j - CVE-2022-23302, Apache-Log4j - CVE-2022-23305, Apache-Log4j - CVE-2022-23307 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- TNPM|...
GHSA-V2RG-8CWR-75G8 Deserializer tampering in Apache Dubbo
Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by tampering with the byte preamble flags, aka, not following t...