4273 matches found
[SECURITY] Fedora 31 Update: PyYAML-5.3-2.fc31
YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...
Exchange Control Panel ViewState Deserialization
This module exploits a .NET serialization vulnerability in the Exchange Control Panel ECP web page. The vulnerability is due to Microsoft Exchange Server not randomizing the keys on a per-installation basis resulting in them using the same validationKey and decryptionKey values. With knowledge of...
RHEL 6 : java-1.7.0-openjdk (RHSA-2020:0632)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0632 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security...
Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20200227)
Security Fixes : - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS Security, 8229951 CVE-2020-2601 - OpenJDK: Serialization filter changes via jdk.serialFilter property modification Serialization, 8231422 CVE-2020-2604 - OpenJDK: Improper checks of SASL message properties in GssKrb5Base...
java security update
CentOS Errata and Security Advisory CESA-2020:0632 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...
Design/Logic Flaw
An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component...
OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
Important: Red Hat Security Advisory: java-1.7.0-openjdk security update
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)
A flaw was found in the serialization component of OpenJDK handled serialization filter. A process-wide filter could have been modified by setting jdk.serialFilter system property at runtime, possibly leading to a bypass of the intended filter during deserialization...
SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2020:0456-1)
This update for java-171-ibm fixes the following issues : Java was updated to 7.1 Service Refresh 4 Fix Pack 60 bsc1162972, bsc1160968. Security issues fixed : CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport bsc1162972. CVE-2020-2593: Fixed an incorrect check in...
Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2020-1345)
The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.242.b08-0.50. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1345 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking...
Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2020-1396)
The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.242.b08-0. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1396 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Support...
Gadgetinspector - A Byte Code Analyzer For Finding Deserialization Gadget Chains In Java Applications
This project inspects Java libraries and classpaths for gadget chains. Gadgets chains are used to construct exploits for deserialization vulnerabilities. By automatically discovering possible gadgets chains in an application's classpath penetration testers can quickly construct exploits and...
SUSE-SU-2020:14287-1 Security update for java-1_7_1-ibm
This update for java-171-ibm fixes the following issues: Java was updated to 7.1 Service Refresh 4 Fix Pack 60 bsc1162972, bsc1160968. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport bsc1162972. - CVE-2020-2593: Fixed an incorrect check in...
SUSE-SU-2020:14286-1 Security update for java-1_7_0-ibm
This update for java-170-ibm fixes the following issues: Java was updated to 7.0 Service Refresh 10 Fix Pack 60 bsc1162972, bsc1160968. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport bsc1162972. - CVE-2020-2593: Fixed an incorrect check in...
OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)
A flaw was found in the serialization component of OpenJDK handled serialization filter. A process-wide filter could have been modified by setting jdk.serialFilter system property at runtime, possibly leading to a bypass of the intended filter during deserialization...
Scientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20200218)
Security Fixes : - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS Security, 8229951 CVE-2020-2601 - OpenJDK: Serialization filter changes via jdk.serialFilter property modification Serialization, 8231422 CVE-2020-2604 - OpenJDK: Improper checks of SASL message properties in GssKrb5Base...
RHEL 7 : java-1.7.0-openjdk (RHSA-2020:0541)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0541 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security...
Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2020-0541)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-0541 advisory. 1:1.7.0.251-2.6.21.0.0.1 - Update DISTRONAME in specfile 1:1.7.0.251-2.6.21.0 - Bump to 2.6.21 and OpenJDK 7u251-b02. - Resolves: rhbz1785753 Tenable h...
java security update
CentOS Errata and Security Advisory CESA-2020:0541 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...