14 matches found
CVE-2025-12053
The drivers in the tool packages use the RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow...
Security update for s390-tools
This update for s390-tools fixes the following issues: CVE-2025-3416: s390-tools: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242622). Amended the .spec file. Updated the 'service' file. Removed the obsolete file 'cargoconfig'. Updated 'cputype' and...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from being able to read the same value twice without locking it...
SUSE CVE-2017-14862
An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service...
jackson-databind: default typing mishandling leading to remote code execution
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...
jackson-databind: default typing mishandling leading to remote code execution
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...
jackson-databind: default typing mishandling leading to remote code execution
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...
jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper...
jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper...
JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 does not properly deserialize classes in an AccessController...
libtasn1: asn1_read_value_type() NULL pointer dereference
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument...
DEBIAN-CVE-2014-3469
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument...
UBUNTU-CVE-2014-3469
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument...
libtasn1: asn1_read_value_type() NULL pointer dereference
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument...