Astra Linux – Vulnerability in libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available, by manipulating the processed input stream with a Java runtime version 14 to 8. ...

Security update for libsoup

This update for libsoup fixes the following issues CVE-2026-1801: HTTP Request Smuggling in soupfilterinputstreamreadline bsc1257649. CVE-2026-4271: use-after-free in the HTTP/2 server when user signal handlers disconnect connections during callback execution bsc1259767. Patch Instructions: To...

CVE-2026-9828

A flaw was found in logback. An attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer could exploit a deserialization of untrusted data vulnerability, allowing for object injection. This could enable the instantiation of objects from certain Java classes...

SUSE-SU-2026:22061-1 Security update for libsoup

This update for libsoup fixes the following issue - CVE-2026-1801: HTTP Request Smuggling in soupfilterinputstreamreadline bsc1257649...

Linux Distros Unpatched Vulnerability : CVE-2026-10532

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albe...

CVE-2026-10532

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer...

CVE-2026-10532 Logback deserialization whitelist bypass for Proxy objects

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer...

CVE-2026-10532

The CVE-2026-10532 issue concerns deserialization of untrusted data in QOS.CH Sarl logback-logback-core’s HardenedObjectInputStream module, allowing Object Injection when serialized data is directed at SimpleSocketServer or SimpleSSLSocketServer to instantiate Proxy objects. The vulnerability is ...

CVE-2026-10532

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer...

CVE-2026-6324

Affected software: libsoup. Vulnerability: unsigned-to-signed conversion error in soup_body_input_stream_read_chunked(). Impact: remote attacker can bypass security controls, poison web caches, or gain unauthorized access when libsoup sits behind or fronts a non-libsoup server. Context: exploit v...

Linux Distros Unpatched Vulnerability : CVE-2026-6324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a...

DEBIAN-CVE-2026-9828

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...

UBUNTU-CVE-2026-9828

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...

EUVD-2026-32895

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...

Astra Linux - уязвимость в libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. No users are affected if they follow the recommendation...

Astra Linux - уязвимость в libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to allocate 100% of the CPU resources on the target system, depending on the type of CPU or through parallel execution of such a payload. This results in...

Astra Linux - уязвимость в libxstream-java

XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker to execute arbitrary code by manipulating the processed input stream. However, users who followed the recommendations to set up XStream’s...

Astra Linux - уязвимость в glib2.0

A flaw was discovered in glib. Missing validation of the offset and count parameters in the gbufferedinputstreampeek function can lead to an integer overflow during length calculations. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy,...

CVE-2026-44088

SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream reading from the beginning of the file, but loads classes using class JarFile/URLClassLoader reading the Central Directory from the end. It can lead to remote code execution by allowing an attacker to combine ...

BIT-HYPERLEDGER-FABRIC-TOOLS-2026-41586 ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject and exposes deSerializeChannel which call ObjectInputStream.readObject on untrusted byte arrays without...