Amazon Linux 2 : java-17-amazon-corretto (ALAS-2022-1752)

The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.2+8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1752 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

Amazon Linux 2 : java-11-amazon-corretto (ALAS-2022-1753)

The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.14+9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1753 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

[SECURITY] Fedora 35 Update: protobuf-3.14.0-7.fc35

Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...

Insecure Serialization Data

corda-serialization is vulnerable to insecure serialization data. An attacker is able to use a CustomSerializer to modify the meaning of serialized data...

xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...

[SECURITY] Fedora 35 Update: xstream-1.4.19-1.fc35

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

[SECURITY] Fedora 34 Update: xstream-1.4.19-1.fc34

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

Deserialization of untrusted data in Apache Cayenne

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...

GHSA-C58C-W527-H77P Deserialization of untrusted data in Apache Cayenne

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...

Fedora: Security Advisory for xstream (FEDORA-2022-ad5cf1c0dd)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2021-39676

In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

Input validation

In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2021-39676

In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2021-39676

CVE-2021-39676 — Android 11 : The flaw resides in the AndroidFuture.java writeThrowable path, where a parcel serialization/deserialization mismatch occurs due to improper input validation. This enables local escalation of privilege with no additional execution privileges required, and does not re...

CVE-2022-24289

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...

CVE-2022-24289

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...

Code injection

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...

PT-2022-10961 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android version 11 Description: The issue is related to a parcel serialization/deserialization mismatch in the writeThrowable function of AndroidFuture.java due to improper input validation. This could lead to local escalation of privilege wi...

Deserialization of Untrusted Data in bson

Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure...

Data Amplification in Play Framework

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...