Lucene search
K

4273 matches found

Fedora
Fedora
added 2020/02/29 10:32 p.m.34 views

[SECURITY] Fedora 31 Update: PyYAML-5.3-2.fc31

YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...

9.8CVSS1.7AI score0.05031EPSS
Exploits1
Metasploit
Metasploit
added 2020/02/28 2:57 a.m.148 views

Exchange Control Panel ViewState Deserialization

This module exploits a .NET serialization vulnerability in the Exchange Control Panel ECP web page. The vulnerability is due to Microsoft Exchange Server not randomizing the keys on a per-installation basis resulting in them using the same validationKey and decryptionKey values. With knowledge of...

8.8CVSS0.6AI score0.99965EPSS
Exploits30
Tenable Nessus
Tenable Nessus
added 2020/02/28 12:0 a.m.27 views

RHEL 6 : java-1.7.0-openjdk (RHSA-2020:0632)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0632 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security...

8.1CVSS6.8AI score0.04903EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2020/02/28 12:0 a.m.40 views

Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20200227)

Security Fixes : - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS Security, 8229951 CVE-2020-2601 - OpenJDK: Serialization filter changes via jdk.serialFilter property modification Serialization, 8231422 CVE-2020-2604 - OpenJDK: Improper checks of SASL message properties in GssKrb5Base...

8.1CVSS6.4AI score0.04903EPSS
Exploits0References8
Cent OS
Cent OS
added 2020/02/27 10:12 p.m.143 views

java security update

CentOS Errata and Security Advisory CESA-2020:0632 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

8.1CVSS6.6AI score0.04903EPSS
Exploits0References7
Prion
Prion
added 2020/02/27 5:15 p.m.18 views

Design/Logic Flaw

An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component...

6.5CVSS7.2AI score0.01936EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2020/02/27 3:34 p.m.1 views

OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3CVSS7.4AI score0.0404EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/02/27 3:34 p.m.71 views

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.1CVSS6.6AI score0.04903EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2020/02/27 3:34 p.m.4 views

OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)

A flaw was found in the serialization component of OpenJDK handled serialization filter. A process-wide filter could have been modified by setting jdk.serialFilter system property at runtime, possibly leading to a bypass of the intended filter during deserialization...

8.1CVSS7.3AI score0.04903EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2020/02/26 12:0 a.m.38 views

SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2020:0456-1)

This update for java-171-ibm fixes the following issues : Java was updated to 7.1 Service Refresh 4 Fix Pack 60 bsc1162972, bsc1160968. Security issues fixed : CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport bsc1162972. CVE-2020-2593: Fixed an incorrect check in...

8.1CVSS6.4AI score0.04903EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2020/02/24 12:0 a.m.59 views

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2020-1345)

The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.242.b08-0.50. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1345 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking...

8.1CVSS6.5AI score0.04903EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2020/02/24 12:0 a.m.36 views

Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2020-1396)

The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.242.b08-0. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1396 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Support...

8.1CVSS6.5AI score0.04903EPSS
Exploits0References15
Kitploit
Kitploit
added 2020/02/22 9:0 p.m.144 views

Gadgetinspector - A Byte Code Analyzer For Finding Deserialization Gadget Chains In Java Applications

This project inspects Java libraries and classpaths for gadget chains. Gadgets chains are used to construct exploits for deserialization vulnerabilities. By automatically discovering possible gadgets chains in an application's classpath penetration testers can quickly construct exploits and...

7.5AI score
Exploits0References2
OSV
OSV
added 2020/02/21 1:35 p.m.8 views

SUSE-SU-2020:14287-1 Security update for java-1_7_1-ibm

This update for java-171-ibm fixes the following issues: Java was updated to 7.1 Service Refresh 4 Fix Pack 60 bsc1162972, bsc1160968. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport bsc1162972. - CVE-2020-2593: Fixed an incorrect check in...

8.1CVSS6.1AI score0.04903EPSS
Exploits0References7
OSV
OSV
added 2020/02/20 10:5 a.m.8 views

SUSE-SU-2020:14286-1 Security update for java-1_7_0-ibm

This update for java-170-ibm fixes the following issues: Java was updated to 7.0 Service Refresh 10 Fix Pack 60 bsc1162972, bsc1160968. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport bsc1162972. - CVE-2020-2593: Fixed an incorrect check in...

8.1CVSS6.1AI score0.04903EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2020/02/19 7:49 a.m.4 views

OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)

A flaw was found in the serialization component of OpenJDK handled serialization filter. A process-wide filter could have been modified by setting jdk.serialFilter system property at runtime, possibly leading to a bypass of the intended filter during deserialization...

8.1CVSS7.3AI score0.04903EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2020/02/19 12:0 a.m.68 views

Scientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20200218)

Security Fixes : - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS Security, 8229951 CVE-2020-2601 - OpenJDK: Serialization filter changes via jdk.serialFilter property modification Serialization, 8231422 CVE-2020-2604 - OpenJDK: Improper checks of SASL message properties in GssKrb5Base...

8.1CVSS6.4AI score0.04903EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2020/02/19 12:0 a.m.47 views

RHEL 7 : java-1.7.0-openjdk (RHSA-2020:0541)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0541 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security...

8.1CVSS6.8AI score0.04903EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2020/02/19 12:0 a.m.37 views

Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2020-0541)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-0541 advisory. 1:1.7.0.251-2.6.21.0.0.1 - Update DISTRONAME in specfile 1:1.7.0.251-2.6.21.0 - Bump to 2.6.21 and OpenJDK 7u251-b02. - Resolves: rhbz1785753 Tenable h...

8.1CVSS6.6AI score0.04903EPSS
Exploits0References8
Cent OS
Cent OS
added 2020/02/18 10:20 p.m.141 views

java security update

CentOS Errata and Security Advisory CESA-2020:0541 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

8.1CVSS6.6AI score0.04903EPSS
Exploits0References7
Rows per page
Query Builder