4276 matches found
GHSA-9VVP-FXW6-JCXR jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime aka openjpa...
jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime aka openjpa...
GHSA-27XJ-RQX5-2255 jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean aka spring-aop...
jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean aka spring-aop...
Insecure Deserialization
camel-netty is vulnerable to insecure deserialization. If no codec is specified, it allows objects deserialization using java serialization and deserialization by default rather than restricting only to Strings...
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2020-1365)
The version of java-1.7.0-openjdk installed on the remote host is prior to 1.7.0.261-2.6.22.1.83. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1365 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization...
TYPO3 9.0.0 < 9.5.17, 10.0.0 < 10.4.2 Multiple Vulnerabilities (TYPO3-CORE-SA-2020-002, TYPO3-CORE-SA-2020-004 to TYPO3-CORE-SA-2020-006)
TYPO3 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; if description...
Important: java-1.7.0-openjdk
Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with networ...
Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2020-1424)
The version of java-1.7.0-openjdk installed on the remote host is prior to 1.7.0.261-2.6.22.2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1424 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization...
TylerTech Eagle 2018.3.11 Remote Code Execution
Exploit Title: TylerTech Eagle 2018.3.11 - Remote Code Execution Date: 2019-10-08 Exploit Author: Anthony Cole Vendor Homepage: https://www.tylertech.com/products/eagle Version: 2018.3.11 Tested on: Windows 2012 CVE: N/A Category: webapps Eagle is a software written in Java by TylerTech. Version...
Mozilla Firefox Code Issue Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 76, which stems from the program failing to properly serialize nsIPrincipal.origin for IPv6 addresses. A remote attacker could explo...
MongoDB 3.6 < 3.6.18, 4.0 < 4.0.15, 4.2 < 4.2.3, 4.3 < 4.3.3 Improper Serialization Vulnerability - Windows
MongoDB is prone to an improper serialization vulnerability in the authorization subsystem. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
MongoDB 3.6 < 3.6.18, 4.0 < 4.0.15, 4.2 < 4.2.3, 4.3 < 4.3.3 Improper Serialization Vulnerability - Linux
MongoDB is prone to an improper serialization vulnerability in the authorization subsystem. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
CVE-2020-12390
Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox 76...
Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2020-1421)
The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.252.b09-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1421 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization...
UBUNTU-CVE-2020-12390
Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox 76...
CVE-2020-7921
Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3...
UBUNTU-CVE-2020-7921
Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3...
EulerOS Virtualization for ARM 64 3.0.2.0 : numpy (EulerOS-SA-2020-1545)
According to the version of the numpy packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remo...
java security update
CentOS Errata and Security Advisory CESA-2020:1507 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...