CVE-2019-2983

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVE-2019-2983

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

Important: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

Oracle Java SE Security Updates (oct2019-5072832) 01 - Windows

Oracle Java SE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Java SE Security Updates (oct2019-5072832) 01 - Linux

Oracle Java SE is prone to multiple vulnerabilities. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Oracle Java SE/Java SE Embedded CVE-2019-2983 Remote Security Vulnerability

Description Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. The vulnerability can be exploited over Multiple protocols. This issue affects the 'Serialization' component. This vulnerability affects the following supported versions: Java SE: 7u231, 8u221, 11.0.4, 1...

KLA11582 Multiple vulnerabilities in Oracle Java SE

Multiple vulnerabilities were found in Oracle Java SE. Malicious users can exploit these vulnerabilities to bypass security restrictions. Below is a complete list of vulnerabilities: 1. A vulnerability in Kerberos component can be exploited to bypass security restrictions; 2. A vulnerability in...

CVE-2017-10345

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated...

jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis

A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks...

CVE-2018-8018

In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be...

High severity vulnerability that affects PeterO.Cbor

Impact The CBOR library supports optional tags that enable CBOR objects to contain references to objects within them. Versions earlier than 4.0 resolved those references automatically. While this by itself doesn't cause much of a security problem, a denial of service can happen if those reference...

CVE-2019-9373

In JobStore, there is a mismatched serialization/deserialization for the "battery-not-low" job attribute. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:...

Deserialization of untrusted data

In JobStore, there is a mismatched serialization/deserialization for the "battery-not-low" job attribute. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:...

CVE-2019-9373

In JobStore, there is a mismatched serialization/deserialization for the "battery-not-low" job attribute. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:...

CVE-2019-9373

Technical details about CVE-2019-9373 are not provided in the supplied documents. Monitor for updates from official advisories; no specific affected products, payloads, or mitigations are disclosed here.

inoERP 4.15 - 'download' SQL Injection

Exploit Title: inoERP 4.15 - 'download' SQL Injection Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be deserialized without any sanitization...

EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2019-2013)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or...

Remote Code Execution

tapestry-core is vulnerable to remote code execution. Access to the classpath asset files is not restricted, allowing an attacker to guess the path to a known file in the classpath and retrieve the contents. It can also potentially allow the attacker to perform a Java serialization attack if the...