Oracle Linux 7 : xstream (ELSA-2021-1354)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1354 advisory. - Resolves: CVE-2021-21344 - Resolves: CVE-2021-21345 - Resolves: CVE-2021-21346 - Resolves: CVE-2021-21347 Tenable has extracted the preceding...
Important: Red Hat Security Advisory: xstream security update
An update for xstream is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
ALPINE-CVE-2021-28965
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing...
DEBIAN-CVE-2021-28965
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing...
AZL-6860 CVE-2021-28965 affecting package ruby for versions less than 2.7.4-1
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing...
SUSE: Security Advisory (SUSE-SU-2020:2861-1)
The remote host is missing an update for the ... (the remainder of this snippet is the license header of the Greenbone check script, not a description: SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only) ...
Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)
Summary: There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8, which is used by Tivoli Netcool/OMNIbus. These were disclosed as part of the IBM Java SDK updates in October 2020 and January 2021. Vulnerability Details: CVEID: CVE-2020-14782 DESCRIPTION: An...
Remote Code Execution
tapestry-core is vulnerable to remote code execution. Access to the classpath asset files is not restricted, allowing an attacker to guess the path to a known file in the classpath and retrieve the contents. It can also potentially allow the attacker to perform a Java serialization attack if the...
CVE-2021-21405
Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect TXSeries for Multiplatforms
Summary: TXSeries for Multiplatforms has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™. Vulnerability Details: CVEID: CVE-2020-14779 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacke...
CVE-2021-24028
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00...
Design/Logic Flaw
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00...
CVE-2021-24028
CVE-2021-24028: A flaw in Facebook Thrift's table-based serialization causes an invalid free, which can crash the application and potentially allow code execution. Affected software is Facebook Thrift prior to v2021.02.22.00. Remediation: upgrade to v2021.02.22.00 or newer. Note: exploitation de...
Facebook Thrift security vulnerability
Facebook Thrift is a fork of Apache Thrift, a serialization and RPC framework for service communication, maintained by Facebook (USA). A security vulnerability exists in versions prior to Facebook Thrift v2021.02.22.00; it stems from an invalid free in Thrift's table-based serialization that could cause ...
UBUNTU-CVE-2021-28965
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing...
PT-2021-5813
Name of the Vulnerable Software and Affected Versions REXML gem versions prior to 3.2.5 in Ruby versions prior to 2.6.7 REXML gem versions prior to 3.2.5 in Ruby versions 2.7.x prior to 2.7.3 REXML gem versions prior to 3.2.5 in Ruby versions 3.x prior to 3.0.1 Description The issue is related to...
Sutou Kouhei rexml security vulnerability
rexml is an open source XML toolkit maintained by Sutou Kouhei that supports tree and stream document parsing. A security vulnerability exists in REXML: parsing and then serializing a carefully crafted XML document may produce a structure different from the original document, with the...
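The REXML entries above (CVE-2021-28965, listed for Alpine, Debian, Azure Linux, Ubuntu, PT-2021-5813 and the rexml record) all describe the same failure mode: a document that, once parsed and serialized again, no longer has the structure of the original. The following Ruby snippet is an added example, not code from the advisories or from the rexml project; it is the round-trip consistency check a practitioner can run against their own inputs after upgrading. It parses a document with REXML, serializes it, parses the result a second time and compares a structural digest of both trees (element names, attributes, non-blank text). The sample document and the helper names (rexml_structure, rexml_roundtrip, rexml_roundtrip_stable?) are constructed for illustration; the crafted input that triggered the bug in vulnerable versions is not given on the page and is not reproduced here.

```ruby
# Added example: round-trip stability check for XML handled by REXML.
# Assumptions: a Ruby with the rexml gem available (bundled with Ruby 3.x);
# SAMPLE_XML and the helper names below are constructed for this example.
require 'rexml/document'

# Reduce an element tree to a nested array [name, sorted attributes, children].
# Text nodes (including CDATA) become stripped strings; whitespace-only text is
# dropped so indentation differences are not reported as structural changes.
def rexml_structure(node)
  attrs = []
  node.attributes.each { |name, value| attrs << [name, value] }
  children = node.children.map do |child|
    case child
    when REXML::Element
      rexml_structure(child)
    when REXML::Text
      text = child.value.strip
      text.empty? ? nil : text
    end
  end.compact
  [node.expanded_name, attrs.sort, children]
end

# Parse, serialize, parse again. Returns [stable?, structure_before, structure_after]
# so a caller can see exactly where a divergence appeared.
def rexml_roundtrip(xml)
  first = REXML::Document.new(xml)
  serialized = +''
  first.write(serialized)
  second = REXML::Document.new(serialized)
  before = rexml_structure(first.root)
  after = rexml_structure(second.root)
  [before == after, before, after]
end

# Constructed sample input (entity reference, CDATA and attributes are the
# pieces a serializer has to reproduce faithfully).
SAMPLE_XML = <<~XML
  <order id="42">
    <item sku="A-1" qty="2">Widget &amp; Co.</item>
    <note><![CDATA[ship <fast>]]></note>
  </order>
XML

# True when parse -> serialize -> parse yields the same structure.
def rexml_roundtrip_stable?(xml = SAMPLE_XML)
  rexml_roundtrip(xml).first
end

if __FILE__ == $0
  stable, before, after = rexml_roundtrip(SAMPLE_XML)
  puts "REXML #{REXML::VERSION}: round trip #{stable ? 'stable' : 'DIVERGED'}"
  unless stable
    puts "before: #{before.inspect}"
    puts "after:  #{after.inspect}"
  end
end
```

Run it with the REXML version you actually ship (REXML::VERSION is printed) and feed it the documents your application accepts; a false result on any input means the serializer is not preserving the parsed structure, which is the condition the advisories describe.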