Lucene search
K

4281 matches found

RedHat Linux
RedHat Linux
added 2020/02/11 8:31 a.m.77 views

Important: Red Hat Security Advisory: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.1CVSS6.7AI score0.04903EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/02/11 8:31 a.m.6 views

OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)

A flaw was found in the serialization component of OpenJDK handled serialization filter. A process-wide filter could have been modified by setting jdk.serialFilter system property at runtime, possibly leading to a bypass of the intended filter during deserialization...

8.1CVSS7.3AI score0.04903EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2020/02/11 8:29 a.m.6 views

OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)

A flaw was found in the serialization component of OpenJDK handled serialization filter. A process-wide filter could have been modified by setting jdk.serialFilter system property at runtime, possibly leading to a bypass of the intended filter during deserialization...

8.1CVSS7.3AI score0.04903EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2020/02/11 8:29 a.m.77 views

Important: Red Hat Security Advisory: java-1.7.1-ibm security update

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.1CVSS6.7AI score0.04903EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2020/02/11 12:0 a.m.194 views

CVE-2020-0688 - Exchange Control Panel Viewstate Deserialization Bug

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka ‘Microsoft Exchange Memory Corruption Vulnerability’. Recent assessments: zeroSteiner at February 26, 2020 5:02pm UTC reported: This is a serialization bug...

9CVSS8.7AI score0.99965EPSS
In wildExploits30References6
BDU FSTEC
BDU FSTEC
added 2020/02/06 12:0 a.m.4 views

The vulnerability in the Serialization component of Oracle Java SE and Java SE Embedded software platforms allows a hacker to gain full control over the application.

The vulnerability of the Serialization component in Oracle Java SE and Java SE Embedded software platforms is related to access control deficiencies. Exploiting this vulnerability can allow an attacker to gain full control over the application...

8.1CVSS7.4AI score0.04903EPSS
Exploits0References14Affected Software8
BDU FSTEC
BDU FSTEC
added 2020/02/06 12:0 a.m.6 views

The vulnerability of the Serialization component in Oracle Java SE and Java SE Embedded software platforms allows a attacker to trigger a service failure.

The vulnerability of the Serialization component in Oracle Java SE and Java SE Embedded software platforms is related to the provision of unlimited memory resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

3.7CVSS6.4AI score0.0404EPSS
Exploits0References10Affected Software7
IBM Security Bulletins
IBM Security Bulletins
added 2020/01/31 7:51 p.m.28 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Log4j

Summary IBM Watson Discovery for IBM Cloud Pak for Data ships with versions of Apache Log4j vulnerable to serialization gadgets. Vulnerability Details CVEID: CVE-2019-17571 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper...

9.8CVSS3.3AI score0.6906EPSS
Exploits3Affected Software1
OpenWrt
OpenWrt
added 2020/01/31 12:0 a.m.39 views

Security Advisory 2020-01-31-2 - libubox tagged binary data JSON serialization vulnerability (CVE-2020-7248)

DESCRIPTION Possibly exploitable vulnerability exists in the libubox library of OpenWrt, specifically in the parts related to JSON conversion of tagged binary data, so called blobs. An attacker could possibly exploit this behavior by providing specially crafted binary blob or JSON which would the...

7.5CVSS8.1AI score0.02486EPSS
Exploits0References2
OSV
OSV
added 2020/01/30 6:28 p.m.10 views

MGASA-2020-0069 Updated java-1.8.0-openjdk packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Improper checks of SASL message properties in GssKrb5Base Security, 8226352 CVE-2020-2590 Incorrect exception processing during deserialization in BeanContextSupport Serialization, 8224909 CVE-2020-2583 Incorrect isBuiltinStreamHandler causing UR...

8.1CVSS6.3AI score0.04903EPSS
Exploits0References4
Mageia
Mageia
added 2020/01/30 6:28 p.m.67 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Improper checks of SASL message properties in GssKrb5Base Security, 8226352 CVE-2020-2590 Incorrect exception processing during deserialization in BeanContextSupport Serialization, 8224909 CVE-2020-2583 Incorrect isBuiltinStreamHandler causing UR...

8.1CVSS7.4AI score0.04903EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/01/30 12:0 a.m.244 views

Ubuntu 16.04 LTS / 18.04 LTS : OpenJDK vulnerabilities (USN-4257-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4257-1 advisory. It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use th...

8.1CVSS6.9AI score0.04903EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2020/01/30 12:0 a.m.45 views

CentOS 6 : java-1.8.0-openjdk (RHSA-2020:0157)

The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0157 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...

8.1CVSS6.5AI score0.04903EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2020/01/29 12:0 a.m.45 views

Ubuntu: Security Advisory (USN-4257-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.8AI score0.04903EPSS
Exploits0References2
Cent OS
Cent OS
added 2020/01/28 9:30 p.m.138 views

java security update

CentOS Errata and Security Advisory CESA-2020:0196 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

8.1CVSS6.6AI score0.04903EPSS
Exploits0References7
Ubuntu
Ubuntu
added 2020/01/28 8:3 p.m.118 views

USN-4257-1: OpenJDK vulnerabilities

It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. CVE-2020-2583 It was discovered that OpenJDK incorrectly validated properties of SASL...

8.1CVSS6.7AI score0.04903EPSS
Exploits0
OSV
OSV
added 2020/01/28 8:3 p.m.2 views

USN-4257-1 openjdk-8, openjdk-lts vulnerabilities

It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. CVE-2020-2583 It was discovered that OpenJDK incorrectly validated properties of SASL...

8.1CVSS6.7AI score0.04903EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2020/01/28 12:0 a.m.41 views

RHEL 8 : java-1.8.0-openjdk (RHSA-2020:0231)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0231 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

8.1CVSS6.8AI score0.04903EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2020/01/28 12:0 a.m.53 views

RHEL 8 : java-11-openjdk (RHSA-2020:0232)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0232 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...

8.1CVSS6.8AI score0.04903EPSS
Exploits0References16
OSV
OSV
added 2020/01/27 9:15 p.m.14 views

CVE-2020-5220

Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...

5.3CVSS5.1AI score0.00737EPSS
Exploits0References2
Rows per page
Query Builder