Allfresco Community Edition: source code security analysis report

Several vulnerabilities were discovered in Alfresco Software 'Allfresco Community Edition' software: Утечка пользовательских данных между сессиями Использование XSL трансформации для исполнения произвольного кода Использование метода finalize Отсутствие верификации цифровой подписи исполняемых...

OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI...

OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI...

CVE-2014-7911

luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted...

ObjectInputStream deserializable

In Android 5.0, java.io.ObjectInputStream did not check whether the Object that is being deserialized is actually serializable. That issue was fixed in Android 5.0. This means that when ObjectInputStream is used on untrusted inputs, an attacker can cause an instance of any class with a non-privat...