RHEL 7 : java-11-openjdk (RHSA-2019:3127)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3127 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...

RHEL 7 : java-1.8.0-openjdk (RHSA-2019:3128)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3128 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

CVE-2019-2983

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVE-2019-2983

CVE-2019-2983 affects Oracle Java SE/Java SE Embedded (component: Serialization). Affected: Java SE 7u231, 8u221, 11.0.4, 13; Java SE Embedded 8u221. Unauthenticated attacker with network access can trigger a partial denial of service in Java SE/Embedded. Base CVSSv3.0 score 3.7 (Network, High/No...

CVE-2019-2983

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVE-2019-2983

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVE-2019-2983

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

Important: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

Oracle Java SE Security Updates (oct2019-5072832) 01 - Linux

Oracle Java SE is prone to multiple vulnerabilities. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Oracle Java SE Security Updates (oct2019-5072832) 01 - Windows

Oracle Java SE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

KLA11582 Multiple vulnerabilities in Oracle Java SE

Multiple vulnerabilities were found in Oracle Java SE. Malicious users can exploit these vulnerabilities to bypass security restrictions. Below is a complete list of vulnerabilities: 1. A vulnerability in Kerberos component can be exploited to bypass security restrictions; 2. A vulnerability in...

Oracle Java SE/Java SE Embedded CVE-2019-2983 Remote Security Vulnerability

Description Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. The vulnerability can be exploited over Multiple protocols. This issue affects the 'Serialization' component. This vulnerability affects the following supported versions: Java SE: 7u231, 8u221, 11.0.4, 1...

CVE-2017-10345

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated...

jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis

A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks...

CVE-2018-8018

In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be...

High severity vulnerability that affects PeterO.Cbor

Impact The CBOR library supports optional tags that enable CBOR objects to contain references to objects within them. Versions earlier than 4.0 resolved those references automatically. While this by itself doesn't cause much of a security problem, a denial of service can happen if those reference...

CVE-2019-9373

In JobStore, there is a mismatched serialization/deserialization for the "battery-not-low" job attribute. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:...

Deserialization of untrusted data

In JobStore, there is a mismatched serialization/deserialization for the "battery-not-low" job attribute. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:...