RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2017:3392)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3392 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security...

Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20171206)

Security Fixes : - Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2017-10285, CVE-2017-10346 - It was discovered that the Kerberos client implementation ...

OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated...

OpenJDK: unbounded memory allocation in ObjectInputStream deserialization (Serialization, 8181597)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

Ubuntu: Security Advisory (USN-3497-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3497-1 openjdk-7 vulnerabilities

It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. CVE-2017-10274 Gaston Traberg discovered that th...

Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3497-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3497-1 advisory. It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an...

Object Injection

October CMS is vulnerable to object injection. The library does not properly handle the serialization of the selectedList variable in the modules/cms/widgets/AssetList.php file, allowing a malicious user to inject PHP objects that can lead to the ability to delete arbitrary files on the server...

[SECURITY] Fedora 27 Update: rubygem-ox-2.8.2-1.fc27

A fast XML parser and object serializer that uses only standard C lib. Optimized XML Ox, as the name implies was written to provide speed optimi zed XML handling. It was designed to be an alternative to Nokogiri and other Ru by XML parsers for generic XML parsing and as an alternative to Marshal...

Immunity Canvas: JBOSS6_JMXINVOKERSERVLET_DESERIALIZE

Name| jboss6jmxinvokerservletdeserialize ---|--- CVE| CVE-2015-7501 Exploit Pack| CANVAS Description| jboss6jmxinvokerservletdeserialize Notes| CVE Name: CVE-2015-7501 VENDOR: Red Hat NOTES: IMPORTANT NOTE: Any instance of this application running Apache Commons Collections version prior to 3.0...

DEBIAN-CVE-2015-7501

Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid JDG 6.x; Data Virtualization JDV 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works FSW 6.x; Operations Network JBoss ON 3.x; Portal 6.x; SOA Platform SOA-P 5.x; Web Server JWS 3.x;...

Immunity Canvas: WEBLOGIC_T3_DESERIALIZATION

Name| weblogict3deserialization ---|--- CVE| CVE-2015-4852 Exploit Pack| CANVAS Description| weblogict3deserialization Notes| CVE Name: CVE-2015-4852 VENDOR: Oracle NOTES: IMPORTANT NOTE: Any instance of this application running Apache Commons Collections version prior to 3.0 WILL NOT WORK...

Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-3473-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3473-1 advisory. It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an...

Shopware 5.3.3: PHP Object Instantiation to Blind XXE

Shopwareis a popular e-commerce software. It is based on PHP using technologies like Symfony 2, Doctrine and the Zend Framework. The code base of its open source community edition encompasses over 690,000 lines of code which we scanned for security vulnerabilities with our RIPS static code...

USN-3473-1 openjdk-8 vulnerabilities

It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. CVE-2017-10274 Gaston Traberg discovered that th...

Oracle Flexcube Direct Banking Cross-Site Scripting Vulnerability

Oracle Financial Services Applications is a set of core banking, online banking and property management financial services software from Oracle Corporation, of which Oracle FLEXCUBE Direct Banking is an Internet and mobile banking solution component. A cross-site scripting vulnerability exists in...

RHEL 7 : java-1.6.0-sun (RHSA-2017:3047)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3047 advisory. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades...

OpenJDK: unbounded memory allocation in SimpleTimeZone deserialization (Serialization, 8181323)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

OpenJDK: unbounded memory allocation in ObjectInputStream deserialization (Serialization, 8181597)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

CVE-2017-12628

The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation...