Lucene search

7491 matches found

CNNVD
added 2025/07/08 12:0 a.m. · 1 views

SAP BusinessObjects Content Administrator workbench Input Validation Error Vulnerability

SAP BusinessObjects Content Administrator workbench is a software used to manage the report distribution function by SAP, Germany. An input validation error vulnerability exists in SAP BusinessObjects Content Administrator Workbench that stems from insufficient cleanup and could lead to the...

6.1 CVSS · 5.9 AI score · 0.00163 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/07/08 12:0 a.m. · 2 views

PT-2025-28656 · Ibm · Ibm Openpages With Watson

Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 through 9.0 Description: The issue is related to improper input validation. This occurs due to the bypassing of client-side validation for data types and the requiredness of fields for GRC Objects. When ...

6.5 CVSS · 5.6 AI score · 0.00136 EPSS
Exploits 0 · References 4
OSV
added 2025/07/04 2:15 p.m. · 0 views

UBUNTU-CVE-2025-38212

In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free vulnerability, [0] [0]: https://lore.kernel.org/all/[email protected]/ idr_for_each() is protected by rwsem, but thi...

7.8 CVSS · 6.2 AI score · 0.00078 EPSS
Exploits 0 · References 42
Snyk
added 2025/06/29 12:30 a.m. · 3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the BigDecimal and BigInteger handling in the MessageSerializer class. An attacker can execute arbitrary code or manipulate application behavior by providing crafted serialized objects. Details...

8.8 CVSS · 7.8 AI score · 0.00296 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/06/27 9:16 p.m. · 5 views

CVE-2025-36038

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects...

9.8 CVSS · 8.1 AI score · 0.01 EPSS
Exploits 0 · References 1
NCSC
added 2025/06/26 12:32 p.m. · 2 views

Vulnerability fixed in IBM WebSphere Application Server

IBM has fixed a vulnerability in IBM WebSphere Application Server Versions 8.5 and 9.0. The vulnerability is in the processing of specially crafted serialized objects. This problem can be exploited by attackers to execute arbitrary code on the server. IBM has released updates to fix the...

9.8 CVSS · 7.7 AI score · 0.01 EPSS
Exploits 0 · References 3
OSV
added 2025/06/25 10:15 p.m. · 2 views

CVE-2025-6661

PDF-XChange Editor App Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8 CVSS · 6.3 AI score · 0.00251 EPSS
Exploits 0 · References 2
OSV
added 2025/06/25 9:15 p.m. · 2 views

CVE-2025-36038

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects...

9.8 CVSS · 6.2 AI score · 0.01 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2025/06/25 9:15 p.m. · 0 views

CVE-2025-36038

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects...

9.8 CVSS · 6.2 AI score · 0.01 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2025/06/25 8:38 p.m. · 7 views

CVE-2025-36038 IBM WebSphere Application Server code execution

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects...

9 CVSS · 0.01 EPSS
Exploits 0 · References 1
CVE
added 2025/06/25 8:38 p.m. · 80 views

CVE-2025-36038

CVE-2025-36038 affects IBM WebSphere Application Server 8.5 and 9.0. A remote attacker could execute arbitrary code by sending a specially crafted sequence of serialized objects (Deserialization of Untrusted Data, CWE-502). CVSS v3.1 base score 9.0–9.8 (network, high impact to confidentiality, in...

9.8 CVSS · 8 AI score · 0.01 EPSS
Exploits 0 · References 1 · Affected Software 1
RedHat Linux
added 2025/06/25 12:21 a.m. · 1 views

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

7.5 CVSS · 6.7 AI score · 0.00487 EPSS
Exploits 1 · References 5
RedHat Linux
added 2025/06/25 12:16 a.m. · 5 views

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

7.5 CVSS · 6.7 AI score · 0.00487 EPSS
Exploits 1 · References 5
CNNVD
added 2025/06/25 12:0 a.m. · 1 views

IBM WebSphere Application Server Code Issue Vulnerability

IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A code issue vulnerability exists in IBM WebSphere...

9.8 CVSS · 6.8 AI score · 0.01 EPSS
Exploits 0 · References 3
Zero Day Initiative
added 2025/06/25 12:0 a.m. · 4 views

PDF-XChange Editor App Object Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

7.8 CVSS · 7.2 AI score · 0.00251 EPSS
Exploits 0 · References 1
Snyk
added 2025/06/21 3:43 a.m. · 2 views

Cross-site Scripting (XSS)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via TokenReplace operations when handling input in some SkinObjects. An attacker can execute arbitrary...

6.1 CVSS · 5.5 AI score · 0.00182 EPSS
Exploits 0 · References 2
SUSE CVE
added 2025/06/19 3:45 a.m. · 2 views

SUSE CVE-2022-49963

In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: fix CCS handling Crucible + recent Mesa seems to sometimes hit: GEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER) And it looks like we can also trigger this with gem_lmem_swapping, if we modify the test to use slightly larger obje...

5.5 CVSS · 6.7 AI score · 0.00074 EPSS
Exploits 0 · References 6
SUSE CVE
added 2025/06/19 3:43 a.m. · 1 views

SUSE CVE-2022-50037

In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: don't leak the ccs state The kernel only manages the ccs state with lmem-only objects, however the kernel should still take care not to leak the CCS state from the previous user. cherry picked from commit...

5.5 CVSS · 6.1 AI score · 0.00074 EPSS
Exploits 0 · References 6
SUSE CVE
added 2025/06/19 3:37 a.m. · 1 views

SUSE CVE-2023-32210

Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability...

6.5 CVSS · 8.3 AI score · 0.00184 EPSS
Exploits 0 · References 4
OSV
added 2025/06/18 11:15 a.m. · 3 views

DEBIAN-CVE-2022-49963

In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: fix CCS handling Crucible + recent Mesa seems to sometimes hit: GEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER) And it looks like we can also trigger this with gem_lmem_swapping, if we modify the test to use slightly larger obje...

5.5 CVSS · 5.5 AI score · 0.00074 EPSS
Exploits 0 · References 1