4281 matches found
Important: Red Hat Security Advisory: java-1.8.0-ibm security update
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)
A flaw was found in the serialization component of OpenJDK handled serialization filter. A process-wide filter could have been modified by setting jdk.serialFilter system property at runtime, possibly leading to a bypass of the intended filter during deserialization...
OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)
A flaw was found in the serialization component of OpenJDK handled serialization filter. A process-wide filter could have been modified by setting jdk.serialFilter system property at runtime, possibly leading to a bypass of the intended filter during deserialization...
Important: Red Hat Security Advisory: java-1.7.1-ibm security update
An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2020-0688 - Exchange Control Panel Viewstate Deserialization Bug
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka ‘Microsoft Exchange Memory Corruption Vulnerability’. Recent assessments: zeroSteiner at February 26, 2020 5:02pm UTC reported: This is a serialization bug...
The vulnerability in the Serialization component of Oracle Java SE and Java SE Embedded software platforms allows a hacker to gain full control over the application.
The vulnerability of the Serialization component in Oracle Java SE and Java SE Embedded software platforms is related to access control deficiencies. Exploiting this vulnerability can allow an attacker to gain full control over the application...
The vulnerability of the Serialization component in Oracle Java SE and Java SE Embedded software platforms allows a attacker to trigger a service failure.
The vulnerability of the Serialization component in Oracle Java SE and Java SE Embedded software platforms is related to the provision of unlimited memory resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Log4j
Summary IBM Watson Discovery for IBM Cloud Pak for Data ships with versions of Apache Log4j vulnerable to serialization gadgets. Vulnerability Details CVEID: CVE-2019-17571 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper...
Security Advisory 2020-01-31-2 - libubox tagged binary data JSON serialization vulnerability (CVE-2020-7248)
DESCRIPTION Possibly exploitable vulnerability exists in the libubox library of OpenWrt, specifically in the parts related to JSON conversion of tagged binary data, so called blobs. An attacker could possibly exploit this behavior by providing specially crafted binary blob or JSON which would the...
MGASA-2020-0069 Updated java-1.8.0-openjdk packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Improper checks of SASL message properties in GssKrb5Base Security, 8226352 CVE-2020-2590 Incorrect exception processing during deserialization in BeanContextSupport Serialization, 8224909 CVE-2020-2583 Incorrect isBuiltinStreamHandler causing UR...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Improper checks of SASL message properties in GssKrb5Base Security, 8226352 CVE-2020-2590 Incorrect exception processing during deserialization in BeanContextSupport Serialization, 8224909 CVE-2020-2583 Incorrect isBuiltinStreamHandler causing UR...
Ubuntu 16.04 LTS / 18.04 LTS : OpenJDK vulnerabilities (USN-4257-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4257-1 advisory. It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use th...
CentOS 6 : java-1.8.0-openjdk (RHSA-2020:0157)
The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0157 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...
Ubuntu: Security Advisory (USN-4257-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
java security update
CentOS Errata and Security Advisory CESA-2020:0196 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...
USN-4257-1: OpenJDK vulnerabilities
It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. CVE-2020-2583 It was discovered that OpenJDK incorrectly validated properties of SASL...
USN-4257-1 openjdk-8, openjdk-lts vulnerabilities
It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. CVE-2020-2583 It was discovered that OpenJDK incorrectly validated properties of SASL...
RHEL 8 : java-1.8.0-openjdk (RHSA-2020:0231)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0231 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...
RHEL 8 : java-11-openjdk (RHSA-2020:0232)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0232 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...
CVE-2020-5220
Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...