44 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-9541
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File...
CVE-2026-9541
A flaw was found in Squirrel, affecting the Cnut File Handler component. A local user can exploit a heap-based buffer overflow vulnerability by manipulating the ReadObject function. This could lead to a limited impact on the system's confidentiality, integrity, and availability...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the ReadObject function in the Cnut File Handler process. An attacker can achieve arbitrary code execution, data corruption, or application crash by providing crafted input that triggers a heap-based buffe...
CVE-2026-9541
A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been...
UBUNTU-CVE-2026-9541
A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been...
CVE-2026-9541
A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been...
CVE-2026-9541
CVE-2026-9541 affects Squirrel up to 3.2, specifically the ReadObject function in squirrel/sqobject.cpp of the Cnut File Handler. The issue is a heap-based buffer overflow triggered by manipulation of input, with local attack vectors. Public exploit has been released; the vendor was notified earl...
CVE-2026-9541 Squirrel Cnut File sqobject.cpp ReadObject heap-based overflow
A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been...
CVE-2026-9541 Squirrel Cnut File sqobject.cpp ReadObject heap-based overflow
A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been...
EUVD-2026-31813
A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been...
SQUIRREL 安全漏洞
SQUIRREL is a programming language developed by Alberto Demichelis. It is the stable version of SQUIRREL 3.2. Versions of SQUIRREL 3.2 and earlier had security vulnerabilities. These vulnerabilities were caused by improper handling of the ReadObject function in the Cnut File Handler component,...
PT-2026-43246
Name of the Vulnerable Software and Affected Versions Squirrel versions prior to 3.3 Description A heap-based buffer overflow occurs in the Cnut File Handler component within the ReadObject function of the squirrel/sqobject.cpp file. This issue allows a local attacker to perform a manipulation th...
CVE-2026-41586
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject and exposes deSerializeChannel which call ObjectInputStream.readObject on untrusted byte arrays without...
CVE-2026-41586 ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject and exposes deSerializeChannel which call ObjectInputStream.readObject on untrusted byte arrays without...
CVE-2026-41586
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject and exposes deSerializeChannel which call ObjectInputStream.readObject on untrusted byte arrays without...
MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.261-2.6.22.1.AXS4 (AXSA:2020-002:03)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-002:03 advisory. OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 OpenJDK: Incorrect type checks in MethodType.readObject Libraries,...
MiracleLinux 7 : java-11-openjdk-11.0.7.10-4.el7 (AXSA:2020-011:04)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-011:04 advisory. OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 OpenJDK: Incorrect type checks in MethodType.readObject Libraries,...
EUVD-2025-205687
A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high...
CVE-2025-15117 Dromara Sa-Token SaJdkSerializer.java ObjectInputStream.readObject deserialization
A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...
PT-2025-53632
Name of the Vulnerable Software and Affected Versions Dromara Sa-Token versions up to 1.44.0 Description A weakness exists in Dromara Sa-Token up to version 1.44.0 related to deserialization. The issue affects the ObjectInputStream.readObject function within the SaJdkSerializer.java file...