GHSA-HMX9-JM3V-33HV InputStream::read_exact : `Read` on uninitialized buffer causes UB

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

GHSA-25GW-4PCC-45CF Deserialization of Untrusted Data in Apache Batik

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization...

Rust buffoon crate has an unspecified vulnerability

Rust buffoon crate is a simple buffer library for the Rust Google protocol. a security vulnerability exists in Rust buffoon crate, which stems from the fact that InputStream::read exact can read data from an uninitialized memory location. No details of the vulnerability are currently available...

CVE-2020-36512

An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::readexact may read from uninitialized memory locations...

Memory corruption

An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::readexact may read from uninitialized memory locations...

CVE-2020-36512

An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::readexact may read from uninitialized memory locations...

InputStream::read_exact : `Read` on uninitialized buffer causes UB

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

RUSTSEC-2020-0154 InputStream::read_exact : `Read` on uninitialized buffer causes UB

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

Arbitrary File Write

Packwood MPXJ is vulnerable to arbitrary file write. The vulnerability exists because it does not properly validate the path from inputStream, leading to the writing of files outside of the target directory...

Deserialization of untrusted data

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization...

CVE-2018-8013

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization...

CVE-2018-8013

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization...

CVE-2018-8013

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization...

OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376)

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2011-10) (BEAST)

A flaw was found in the Java RMI Remote Method Invocation registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. CVE-2011-3556 A flaw was found in the Java RMI registry implementation. A remote RMI client could use this...

OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)

The Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competiti...

Ubuntu: Security Advisory (USN-1263-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities (USN-1263-1) (BEAST)

Deepak Bhole discovered a flaw in the Same Origin Policy SOP implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. CVE-2011-3377 Juliano Rizzo and Thai Duong discovered that the block-wise AES...

RHEL 5 / 6 : java-1.6.0-sun (RHSA-2011:1384)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1384 advisory. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes...

RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2011:1380)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1380 advisory. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Java R...