ROS-20250114-06

A vulnerability in the Serialization component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to incorrect clearing or freeing of resources. resources. Exploitation of the vulnerability could allow an attacker acting...

UBUNTU-CVE-2024-47141

In the Linux kernel, the following vulnerability has been resolved: pinmux: Use sequential access to access desc-pinmux data When two client of the same gpio call pinctrlselectstate for the same functionality, we are seeing NULL pointer issue while accessing desc-muxowner. Let's say two processes...

Oracle Linux 9 : kernel (ELSA-2025-0059)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-0059 advisory. - mlxsw: spectrumipip: Fix memory leak when changing remote IPv6 address CKI Backport Bot RHEL-66899 CVE-2024-50252 - CVE-2024-53122 mptcp: cope racing...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

ALSA-2025:0059 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: perf/aux: Fix AUX buffer serialization CVE-2024-46713 kernel: RDMA/bnxtre: Fix a bug while setting up Level-2 PBL pages CVE-2024-50208 kernel: mlxsw: spectrumipip: Fix memory leak when...

OSV-2025-7 Heap-buffer-overflow in oatpp::json::Utils::escapeUtf8Char

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=387626404 Crash type: Heap-buffer-overflow WRITE 1 Crash state: oatpp::json::Utils::escapeUtf8Char oatpp::json::Utils::escapeString oatpp::json::Serializer::serializeString...

PT-2025-40079

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the networking subsystem related to phylink. The issue involves a potential race condition when serializing concurrent writes to pl-phydev with the...

PT-2026-4771

Name of the Vulnerable Software and Affected Versions eslint versions prior to 9.26.0 Description A stack overflow issue exists in eslint when serializing objects containing circular references within the eslint/lib/shared/serialization.js file. The issue is triggered through the RuleTester.run...

Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization

The Apache Software Foundation ASF has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046 , the vulnerability carries a CVSS score of 10.0. It...

Apache MINA 安全漏洞

Apache MINA is a web application framework from the Apache USA Foundation. It is primarily used for developing high-performance and highly scalable web applications. A security vulnerability exists in Apache MINA versions 2.0.X, 2.1.X, and 2.2.X. The vulnerability stems from a lack of necessary...

PT-2024-9987

Name of the Vulnerable Software and Affected Versions Apache MINA versions 2.0.X through 2.2.X Description The ObjectSerializationDecoder in Apache MINA lacks necessary security checks when processing incoming serialized data using Java’s native deserialization protocol. This allows attackers to...

CLSA-2024-1734643101 Fix CVE(s): CVE-2024-6923

SECURITY UPDATE: Improper newline quoting in email module header serialization - debian/patches/CVE-2024-6923.patch: Encode newlines in headers and verify headers to be sound - CVE-2024-6923...

SUSE CVE-2024-47834

GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GSTMATROSKAIDCODECPRIVATE case within the gstmatroskademuxparsestream function, a dat...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-47739)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47739 advisory. - In the Linux kernel, the following vulnerability has been resolved: padata: use integer wrap around to preve...

Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Updated to Java 8.0 Service Refresh 8 Fix Pack 35 with Oracle October 15 2024 CPU bsc1232064: - CVE-2024-21208: Fixed partial DoS in component Networking bsc1231702,JDK-8328286 - CVE-2024-21210: Fixed unauthorized update, insert or delete...

GLSA-202412-01 : R: Arbitrary Code Execution

The remote host is affected by the vulnerability described in GLSA-202412-01 R: Arbitrary Code Execution Deserialization of untrusted data can occur in the R statistical programming language, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code...

Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Updated to Java 8.0 Service Refresh 8 Fix Pack 35 with Oracle October 15 2024 CPU bsc1232064: - CVE-2024-21208: Fixed partial DoS in component Networking bsc1231702,JDK-8328286 - CVE-2024-21210: Fixed unauthorized update, insert or delete...

Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Update to version jdk8u432 icedtea-3.33.0: - CVE-2024-21208: Fixed partial DoS in component Networking bsc1231702,JDK-8328286 - CVE-2024-21210: Fixed unauthorized update, insert or delete access to some of Oracle Java SE accessible data...

CVE-2022-41137

Apache Hive Metastore HMS uses SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution RCE since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be...

Borsh serialization of HashMap is non-canonical

The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicty checks on decoding. This can result in consensus splits and cause equivalent objects to be considered...