44 matches found
CVE-2021-43142
An XML External Entity (XXE) vulnerability exists in wuta jox 1.16 in the readObject method in JOXSAXBeanInput...
OSV-2023-1221 Security exception in jaz.Zer.reportFinding
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64488. Crash type: Security exception. Crash state: jaz.Zer.reportFinding jaz.Zer.reportFindingIfEnabled jaz.Zer.readObject...
PT-2023-35613 · Git +1 · Apache Commons Lang
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A security exception crash was reported, involving the jaz.Zer class with methods reportFinding, reportFindingIfEnabled, and readObject. No information i...
SUSE CVE-2013-2185
The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar iss...
Deserialization Of Untrusted Data
scala-library is vulnerable to deserialization of untrusted data. The vulnerability exists because the readObject function in LazyList.scala allows an attacker to erase the contents of arbitrary files, make network connections, or possibly run arbitrary code on Function0 via a gadget chain...
JOX Code Issue Vulnerability
JOX is a set of Java libraries for easily transferring data between XML documents and Java beans. The JOXSAXBeanInput module of JOX version 1.16 has a security vulnerability that stems from an XML External Entity (XXE) flaw in the module's readObject method: XML External...
CVE-2021-41616 Apache ddlutils 1.0 readobject vulnerability
Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used...
EthereumJ Code Issues
EthereumJ is a Java implementation of the Ethereum protocol. A code issue vulnerability exists in decoder.readObject in crypto/ECKey.java and in ois.readObject in mine/Ethash.java in EthereumJ version 1.8.2. An attacker could exploit this vulnerability to execute arbitrary...
OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274)
A flaw was found in the way the readObject method of the MethodType class in the Libraries component of OpenJDK checked argument types. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions...
Remote Code Execution (RCE)
hessian is vulnerable to remote code execution (RCE) attacks. The vulnerability exists due to a lack of filtering of untrusted objects in the function 'readObject', allowing an attacker to bypass the blacklist by sending malicious serialized Hessian objects...
EthereumJ Code Issues Vulnerabilities
EthereumJ is a Java implementation of the Ethereum protocol. A code issue vulnerability exists in decoder.readObject in crypto/ECKey.java and in ois.readObject in mine/Ethash.java in EthereumJ version 1.8.2. An attacker could exploit this vulnerability to execute arbitrary...