Lucene search
+L

49 matches found

OSV
OSV
added 2026/06/03 12:30 p.m.2 views

GHSA-V3PR-HXPR-MFM8 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS6.1AI score0.00468EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/03 12:25 p.m.12 views

Deserialization of Untrusted Data

Overview org.apache.mina:mina-core is a network application framework which helps users develop high performance and high scalability network applications easily. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the resolveProxyClass function. An attacker...

9.8CVSS5.9AI score0.00468EPSS
Exploits0References2
OSV
OSV
added 2026/06/03 11:16 a.m.10 views

DEBIAN-CVE-2026-47065

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.5AI score0.00468EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 11:16 a.m.11 views

CVE-2026-47065

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS0.00468EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/03 9:39 a.m.11 views

CVE-2026-47065 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.8AI score0.00468EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 9:39 a.m.7 views

CVE-2026-47065

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.8AI score0.00468EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/03 9:39 a.m.13 views

EUVD-2026-34069

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.8AI score0.00468EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/03 9:39 a.m.8 views

CVE-2026-47065

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.5AI score0.00468EPSS
Exploits0
CVE
CVE
added 2026/06/03 9:39 a.m.159 views

CVE-2026-47065

CVE-2026-47065 (Apache MINA context) describes two deserialization bypass issues: first, resolveProxyClass bypasses the accept/allow-list when JDK resolves proxy interfaces from a serialized proxy via ObjectInputStream.readProxyDesc(), and second, readClassDescriptor triggers static initializers ...

9.8CVSS5.8AI score0.00468EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/03 9:39 a.m.2 views

CVE-2026-47065 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.9AI score0.00468EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/03 9:39 a.m.44 views

CVE-2026-47065 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS0.00468EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.27 views

PT-2026-45913

Name of the Vulnerable Software and Affected Versions Java affected versions not specified Description Two issues exist regarding Java deserialization filters. First, a filter bypass occurs when a serialized stream contains a TC PROXYCLASSDESC marker for a java.lang.reflect.Proxy. In this case,...

9.8CVSS5.8AI score0.00468EPSS
Exploits0References18
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.24 views

Mageia: Security Advisory (MGASA-2020-0418)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS6AI score0.03758EPSS
Exploits0References10
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2020:3359-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS5.7AI score0.03758EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/02/16 7:39 a.m.6 views

OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3CVSS7.1AI score0.03758EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/02/16 12:0 a.m.45 views

RHEL 8 : java-1.8.0-ibm (RHSA-2021:0530)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0530 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...

4.3CVSS6.8AI score0.03758EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2020/12/16 3:21 p.m.75 views

Moderate: Red Hat Security Advisory: java-1.7.1-ibm security update

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

4.3CVSS6.4AI score0.03758EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.85 views

SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:3359-1)

"This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.9-11 October 2020 CPU, bsc1177943 - New features + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector - Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236196: Improve string pooling +...

5.8CVSS6.6AI score0.03758EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.91 views

SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2020:3460-1)

This update for java-180-openjdk fixes the following issues : Fix regression '8250861: Crash in MinINode::IdealPhaseGVN, bool', introduced in October 2020 CPU. Update to version jdk8u272 icedtea 3.17.0 July 2020 CPU, bsc1174157, and October 2020 CPU, bsc1177943 - New features + JDK-8245468: Add...

8.3CVSS6.9AI score0.0435EPSS
Exploits0References35
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.81 views

SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2020:3159-1)

"This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.9-11 October 2020 CPU, bsc1177943 - New features + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector - Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236196: Improve string pooling +...

5.8CVSS6.6AI score0.03758EPSS
Exploits0References18
Rows per page
Query Builder