8 matches found
CVE-2026-9828
CVE-2026-9828 is a deserialization whitelist bypass in Logback Core’s HardenedObjectInputStream. In affected builds up to 1.5.32, an attacker who can influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer could instantiate objects from java.lang and java.util that are not b...
Oracle OpenJDK 8.x - 11.x Vulnerability (Jul 2024)
Oracle OpenJDK is prone to a vulnerability in the core-libs/java.util component.
Oracle OpenJDK 8.x - 11.x Vulnerability (Apr 2024)
Oracle OpenJDK is prone to a vulnerability in the core-libs/java.util component.
Stack overflow
XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The attack uses the hash code implementation for...
Security Bulletin: The IBM® Engineering Lifecycle Management products recommendation for Java CPU CVE-2021-35561
Summary: Java version 7.0.11.5 and earlier, 7.1.5.5 and earlier, 8.0.7.6 and earlier are affected by a flaw in the java.util component that allows an attacker to inflict a denial of service via malicious serialized data which triggers an OutOfMemoryError. Vulnerability Details: Refer to the security...
Amazon Corretto Java 17.x < 17.0.2.8.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 17.0.2.8.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-17-2022-Jan-18 advisory. - core-libs/java.io:serialization CVE-2022-21248, CVE-2022-21341 - client-libs/javax.imageio...
Amazon Corretto Java 11.x < 11.0.13.8.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 11.0.13.8.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-11-2021-Oct-19 advisory. - security-libs/javax.net.ssl CVE-2021-35550, CVE-2021-35578, CVE-2021-35603 -...
Amazon Corretto Java 8.x < 8.312.07.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 8.312.07.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2021-Oct-19 advisory. - security-libs/javax.net.ssl CVE-2021-35550, CVE-2021-35578, CVE-2021-35603 - client-libs/javax.swing...