4269 matches found
Microsoft Exchange Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the logged in user. Exploitation of this vulnerability requires that a use...
Denial Of Service (DoS)
Python is vulnerable to denial of service (DoS). The vulnerability exists through an integer overflow in Modules/pickle.c, allowing for memory exhaustion when serializing gigabytes of data...
CVE-2017-10281
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacke...
CVE-2019-18631
The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 18.8, 3.5.2 18.11, and 3.6.0 19.6 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows attackers...
The vulnerability of the Serialization component in Oracle Java SE and Oracle Java SE Embedded software platforms allows an attacker to cause partial service disruption.
The vulnerability of the Serialization component in Oracle Java SE and Oracle Java SE Embedded software platforms is related to an exception handling error. Exploiting this vulnerability can allow a malicious actor to cause partial service interruption remotely...
CVE-2013-4751
php-symfony2-Validator has loss of information during serialization...
Session fixation
php-symfony2-Validator has loss of information during serialization...
CVE-2013-4751
The CVE-2013-4751 entry concerns Symfony2 Validator, where a caching path (e.g., APCache or other CacheInterface implementations) leads to loss of serialization data in the Mapping Cache. The consequence described in connected documents is that when the validator’s configuration is loaded from th...
CVE-2013-4751
php-symfony2-Validator has loss of information during serialization...
jackson-databind: Serialization gadgets in classes of the ehcache package
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLA...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
CVE-2018-2815
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attack...
CentOS 7 : java-1.7.0-openjdk (CESA-2019:3157)
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CentOS 6 : java-1.8.0-openjdk (CESA-2019:3136)
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Missing restrictions on use of custom SocketImpl Networking, 8218573. CVE-2019-2945 Improper handling of Kerberos proxy credentials Kerberos, 8220302. CVE-2019-2949 NULL pointer dereference in DrawGlyphList 2D, 8222690. CVE-2019-2962...
java security update
CentOS Errata and Security Advisory CESA-2019:3157 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile...
Scientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20191022)
Security Fixes : - OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler Networking, 8223892 CVE-2019-2978 - OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection Networking, 8225298 CVE-2019-2989 - OpenJDK: Missing restrictions on use of custom SocketImpl...
Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20191022)
Security Fixes : - OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler Networking, 8223892 CVE-2019-2978 - OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection Networking, 8225298 CVE-2019-2989 - OpenJDK: Missing restrictions on use of custom SocketImpl...
java security update
CentOS Errata and Security Advisory CESA-2019:3136 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail...
java security update
CentOS Errata and Security Advisory CESA-2019:3158 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile...