4269 matches found

Debian CVE
added 2019/05/16 9:20 p.m., 55 views

CVE-2019-10912

In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to...

CVSS 7.1 | AI score 7 | EPSS 0.02302
Exploits: 0

Veracode
added 2019/05/16 2:54 a.m., 29 views

Denial Of Service (DoS)

Oracle Java SE is vulnerable to denial of service (DoS) attacks. The vulnerability exists in an unknown functionality of the component Serialization. An unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit causing a partial denial of...

CVSS 5.3 | AI score 5.9 | EPSS 0.04816
Exploits: 0 | References: 23 | Affected Software: 2

Tenable Nessus
added 2019/05/13 12:0 a.m., 42 views

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 6 (RHSA-2019:1107)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1107 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7. This release of Red...

CVSS 10 | AI score 7.5 | EPSS 0.10458
Exploits: 0 | References: 57

RedHat Linux
added 2019/05/08 12:9 p.m., 92 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 6 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

CVSS 10 | AI score 6.9 | EPSS 0.10458
Exploits: 0 | References: 48

RedHat Linux
added 2019/05/08 12:4 p.m., 3 views

jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis

A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks...

CVSS 9.8 | AI score 7.4 | EPSS 0.05683
Exploits: 0 | References: 4

Fedora
added 2019/05/08 3:5 a.m., 22 views

[SECURITY] Fedora 29 Update: perl-YAML-1.28-1.fc29

The YAML.pm module implements a YAML Loader and Dumper based on the YAML 1.0 specification http://www.yaml.org/spec/. YAML is a generic data serialization language that is optimized for human readability. It can be used to express the data structures of most modern programming languages, includi...

AI score 0.6
Exploits: 0

Fedora
added 2019/05/08 1:13 a.m., 12 views

[SECURITY] Fedora 30 Update: perl-YAML-1.28-1.fc30

The YAML.pm module implements a YAML Loader and Dumper based on the YAML 1.0 specification http://www.yaml.org/spec/. YAML is a generic data serialization language that is optimized for human readability. It can be used to express the data structures of most modern programming languages, includi...

AI score 0.6
Exploits: 0

OpenVAS
added 2019/05/08 12:0 a.m., 57 views

Fedora Update for perl-YAML FEDORA-2019-1911b73cee

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 2

OpenVAS
added 2019/05/07 12:0 a.m., 87 views

Fedora Update for PyYAML FEDORA-2019-bed9afe622

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 9.6 | EPSS 0.06031
Exploits: 1 | References: 2

CNVD
added 2019/05/06 12:0 a.m., 3 views

Facebook Thrift Denial of Service Vulnerability

Facebook Thrift, a branch of Apache Thrift from Facebook Inc., is a serialization and RPC framework for service communication. A security vulnerability exists in versions prior to Facebook Thrift 2019.02.18.00. An attacker can exploit the vulnerability by sending a short message via a malicious...

CVSS 7.5 | AI score 6.7 | EPSS 0.01982
Exploits: 0 | References: 1

Veracode
added 2019/05/02 6:37 a.m., 26 views

Denial Of Service (DoS)

Java SE and Java SE Embedded are vulnerable to denial of service attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Serialization component causing partial denial of service conditions...

CVSS 5.3 | AI score 6.8 | EPSS 0.03305
Exploits: 0 | References: 20 | Affected Software: 4

Veracode
added 2019/05/02 6:37 a.m., 29 views

Denial Of Service (DoS)

Java SE, Java SE Embedded and JRockit are vulnerable to denial of service attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Serialization component causing partial denial of service conditions...

CVSS 3.1 | AI score 6.4 | EPSS 0.02442
Exploits: 0 | References: 20 | Affected Software: 4

Veracode
added 2019/05/02 6:37 a.m., 30 views

Denial Of Service (DoS)

Java SE, Java SE Embedded and JRockit are vulnerable to denial of service attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Serialization component causing partial denial of service conditions...

CVSS 5.3 | AI score 6.7 | EPSS 0.03114
Exploits: 0 | References: 20 | Affected Software: 4

Veracode
added 2019/05/02 6:37 a.m., 28 views

Denial Of Service (DoS)

Java SE, Java SE Embedded and JRockit are vulnerable to denial of service attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Serialization component causing partial denial of service conditions...

CVSS 5.3 | AI score 6.7 | EPSS 0.03305
Exploits: 0 | References: 20 | Affected Software: 4

Veracode
added 2019/05/02 6:30 a.m., 24 views

Denial Of Service (DoS)

Java SE and Java SE Embedded are vulnerable to denial of service (DoS) attacks. A remote user can exploit a flaw in the Serialization component to cause application crash resulting in partial denial of service conditions...

CVSS 5.3 | AI score 6.6 | EPSS 0.03114
Exploits: 0 | References: 19 | Affected Software: 5

Veracode
added 2019/05/02 6:30 a.m., 34 views

Denial Of Service

Java SE and Java SE Embedded are vulnerable to denial of service (DoS) attacks. A remote user can exploit a flaw in the Serialization component to cause application crash resulting in partial denial of service conditions...

CVSS 5.3 | AI score 6.6 | EPSS 0.03114
Exploits: 0 | References: 18 | Affected Software: 5

Veracode
added 2019/05/02 5:19 a.m., 37 views

Denial Of Service

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws t...

CVSS 10 | AI score 7.6 | EPSS 0.09991
Exploits: 0 | References: 37 | Affected Software: 5

Veracode
added 2019/05/02 5:19 a.m., 24 views

Denial Of Service

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws t...

CVSS 10 | AI score 7.6 | EPSS 0.09991
Exploits: 0 | References: 37 | Affected Software: 5

Veracode
added 2019/05/02 4:45 a.m., 15 views

Sandbox Restrictions Bypass

openjdk is vulnerable to sandbox restrictions bypass. An unspecified vulnerability allows remote attackers to affect confidentiality via unknown vectors related to Serialization...

CVSS 5 | AI score 6.1 | EPSS 0.04512
Exploits: 0 | References: 35 | Affected Software: 3

Veracode
added 2019/05/02 4:45 a.m., 20 views

Sandbox Restrictions Bypass

openjdk is vulnerable to sandbox restrictions bypass. An unspecified vulnerability allows remote attackers to affect availability via unknown vectors related to Serialization...

CVSS 5 | AI score 6.2 | EPSS 0.05084
Exploits: 0 | References: 34 | Affected Software: 3