CVE-2015-3837
The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka...
CVE-2015-3837
CVE-2015-3837 affects Android’s OpenSSLX509Certificate class (org/conscrypt/OpenSSLX509Certificate.java) in builds prior to 5.1.1 LMY48I. The root cause is improper inclusion of certain context data during serialization and deserialization, enabling a malicious local application to trigger code e...
Django arbitrary code execution 0day vulnerability analysis-vulnerability warning-the black bar safety net
From Django SECRET_KEY to code execution. Django is a Python framework that can be used to quickly build high-performance, elegant web platforms. It uses the MVC software design pattern, namely the model M, view V and controller C. It was originally developed for the management of the Lawrence...
Django arbitrary code execution vulnerability analysis-vulnerability warning-the black bar safety net
From Django SECRET_KEY to code execution. Django is a Python framework that can be used to quickly build high-performance, elegant web platforms. It uses the MVC software design pattern, namely the model M, view V and controller C. It was originally developed for the management of the Lawrence...
Amazon Linux: Security Advisory (ALAS-2013-207)
The remote host is missing an update for the ... Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
PHP 5.6 / 5.5 / 5.4 unserialize() Use-After-Free
Use After Free Vulnerabilities in unserialize Taoguang Chen - Write Date: 2015.7.31 - Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely...
ganglia-webfrontend -- auth bypass
Ivan Novikov reports: It's easy to bypass auth by using boolean serialization...
JVN#17611367: Apache Tapestry deserializes untrusted data
Apache Tapestry is a framework for creating Java web applications. Apache Tapestry contains an interface where client side serialized data sent to the server is deserialized after it is received by the server. This data serialization / deserialization process does not contain data validation...
Serialization vulnerability affects more than half of the Android phones-vulnerability warning-the black bar safety net
Not long after the Stagefright vulnerability, another major vulnerability in the Android platform has been disclosed, affecting 55% of phones. IBM's X-Force application security research team recently discovered this vulnerability. An attacker can exploit this arbitrary code execution vulnerability to a no...
Android 'Serialization' Vulnerability Affects 55 Percent of Devices
Google has patched a severe Android vulnerability that researchers at IBM said impacts more than 55 percent of devices. As with most Android vulnerabilities, users are reliant on handset makers and carriers to push patches downstream to devices, something they’ve not always been diligent about. I...
PHP SplDoublyLinkedList Use-After-Free
Use After Free Vulnerability in unserialize with SplDoublyLinkedList Taoguang Chen - Write Date: 2015.7.30 - Release Date: 2015.8.7 A use-after-free vulnerability was discovered in unserialize with SplDoublyLinkedList object's deserialization that can be abused for leaking arbitrary memory blocks...
Scientific Linux Security Update : libxml2 on SL6.x i386/x86_64 (20150722)
A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory. CVE-2015-1819 This issue was...
OracleVM 3.3 : libxml2 (OVMSA-2015-0097)
The remote OracleVM system is missing necessary patches to address critical security updates : - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball - CVE-2015-1819 Enforce the reader to run in constant memory (rhbz#1214163) - Stop parsing on entities...
MGASA-2015-0296 Updated groovy package fixes security vulnerability
When an application has Groovy on the classpath and it uses the standard Java serialization mechanism to communicate between servers, or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications whic...
Updated groovy package fixes security vulnerability
When an application has Groovy on the classpath and it uses the standard Java serialization mechanism to communicate between servers, or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications whic...
libxml2 security and bug fix update
2.7.6-20.0.1.el6 - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball libxml2-2.7.6-20.el6 - CVE-2015-1819 Enforce the reader to run in constant memory (rhbz#1214163) libxml2-2.7.6-19.el6 - Stop parsing on entities boundaries errors - Fix missing entiti...
[CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure
Severity: Important Vendor: The Apache Software Foundation Versions Affected: All unsupported versions ranging from 1.7.0 to 2.4.3. Impact Remote execution of untrusted code, DoS Description When an application has Groovy on the classpath and it uses standard Java serialization mechanisms to...
libxml2 security update
CentOS Errata and Security Advisory CESA-2015:1419 Updated libxml2 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score...
RHEL 6 : libxml2 (RHSA-2015:1419)
Updated libxml2 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...