MiracleLinux 8 : [security - moderate] pki-deps:10.6 security, bug fix, and enhancement updat (AXSA:2020-932:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-932:01 advisory. jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig CVE-2019-14540 jackson-databind: Serialization gadgets in...

MiracleLinux 8 : java-11-openjdk-11.0.10.0.9-8.el8 (AXBA:2021-2043:09)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2021-2043:09 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java S...

MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.241-2.6.20.0.0.1.el7.AXS7 (AXSA:2019-4366:05)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4366:05 advisory. OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler Networking, 8223892 CVE-2019-2978 OpenJDK: Incorrect handling of HTTP proxy...

MiracleLinux 4 : libxml2-2.7.6-20.0.1.AXS4 (AXSA:2015-285:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-285:01 advisory. This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and...

CVE-2025-71074

In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffsepfileopen can race with removal, ending up with file-privatedata pointing to freed object. There is a total count of opened files on functionfs both ep0 and dynamic ones and when it hits...

UBUNTU-CVE-2025-71074

In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffsepfileopen can race with removal, ending up with file-privatedata pointing to freed object. There is a total count of opened files on functionfs both ep0 and dynamic ones and when it hits...

CVE-2025-71074 functionfs: fix the open/removal races

In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffsepfileopen can race with removal, ending up with file-privatedata pointing to freed object. There is a total count of opened files on functionfs both ep0 and dynamic ones and when it hits...

CVE-2025-71074 functionfs: fix the open/removal races

In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffsepfileopen can race with removal, ending up with file-privatedata pointing to freed object. There is a total count of opened files on functionfs both ep0 and dynamic ones and when it hits...

CVE-2025-71074

The CVE-2025-71074 issue affects Linux kernel functionfs, where open/removal races can leave file->private_data as a freed object, causing UAF on read/write. Root cause: ffs->opened is misused; synchronization via atomic_dec_and_test() is insufficient. The fix approach, as documented, is to...

CVE-2025-71074

In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffsepfileopen can race with removal, ending up with file-privatedata pointing to freed object. There is a total count of opened files on functionfs both ep0 and dynamic ones and when it hits...

PT-2026-2595

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists within the functionfs implementation, specifically in the ffs epfile open function. This condition can occur when a file is opened and removed concurrently,...

CVE-2021-33806

The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization...

CVE-2021-31919

An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct...

CVE-2021-0970

In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...

CVE-2025-40906

BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of MongoDB's BSON...

CVE-2020-24164

A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface...

CVE-2021-41270

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...

CVE-2026-22028

Preact, a lightweight web development framework, JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A regression introduced in Preact 10.26.5 caused this protection to be softened. In applications where values from JSON payloads are assumed t...

Deserialization Of Untrusted Data

org.apache.nifi, nifi-asana-processors is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the use of unfiltered Java object serialization and deserialization in the GetAsanaObject Processor, which allows an attacker with access to the configured cache server to supply...

Security Bulletin: Remote Exploitable Java SE Serialization Weakness Causing Partial DoS, affects watsonx.data

Summary Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of...