Search
Total
391 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11111 | 4 Debian, Fasterxml, Netapp and 1 more | 25 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 22 more | 2021-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). | |||||
| CVE-2021-42130 | 1 Ivanti | 1 Avalanche | 2021-12-08 | 6.5 MEDIUM | 8.8 HIGH |
| A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution. | |||||
| CVE-2020-10968 | 4 Debian, Fasterxml, Netapp and 1 more | 31 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 28 more | 2021-12-07 | 6.8 MEDIUM | 8.8 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). | |||||
| CVE-2020-10969 | 4 Debian, Fasterxml, Netapp and 1 more | 31 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 28 more | 2021-12-07 | 6.8 MEDIUM | 8.8 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. | |||||
| CVE-2021-43360 | 1 Sun | 1 Ehrd | 2021-12-02 | 9.0 HIGH | 8.8 HIGH |
| Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services. | |||||
| CVE-2020-14933 | 1 Squirrelmail | 1 Squirrelmail | 2021-11-30 | 6.5 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup or __destruct), and any attack-relevant classes must be declared before unserialize is called (or must be autoloaded). . | |||||
| CVE-2020-15244 | 1 Openmage | 1 Magento | 2021-11-18 | 6.5 MEDIUM | 7.2 HIGH |
| In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4. | |||||
| CVE-2018-10911 | 3 Debian, Gluster, Redhat | 6 Debian Linux, Glusterfs, Enterprise Linux Desktop and 3 more | 2021-11-17 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. | |||||
| CVE-2020-14062 | 4 Debian, Fasterxml, Netapp and 1 more | 13 Debian Linux, Jackson-databind, Active Iq Unified Manager and 10 more | 2021-11-17 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). | |||||
| CVE-2020-14060 | 3 Fasterxml, Netapp, Oracle | 12 Jackson-databind, Active Iq Unified Manager, Steelstore Cloud Integrated Storage and 9 more | 2021-11-17 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). | |||||
| CVE-2020-14195 | 4 Debian, Fasterxml, Netapp and 1 more | 14 Debian Linux, Jackson-databind, Active Iq Unified Manager and 11 more | 2021-11-17 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). | |||||
| CVE-2020-14061 | 4 Debian, Fasterxml, Netapp and 1 more | 15 Debian Linux, Jackson-databind, Active Iq Unified Manager and 12 more | 2021-11-17 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). | |||||
| CVE-2021-34992 | 1 Orckestra | 1 C1 Cms | 2021-11-17 | 6.5 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14740. | |||||
| CVE-2021-26558 | 1 Apache | 1 Shardingsphere-ui | 2021-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0. | |||||
| CVE-2021-42698 | 1 Azeotech | 1 Daqfactory | 2021-11-09 | 6.8 MEDIUM | 7.8 HIGH |
| Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory. | |||||
| CVE-2021-35215 | 1 Solarwinds | 1 Orion Platform | 2021-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability. | |||||
| CVE-2021-35218 | 1 Solarwinds | 1 Orion Platform | 2021-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server | |||||
| CVE-2021-35216 | 1 Solarwinds | 1 Patch Manager | 2021-11-03 | 9.0 HIGH | 8.8 HIGH |
| Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution. | |||||
| CVE-2021-35217 | 1 Solarwinds | 1 Patch Manager | 2021-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data. | |||||
| CVE-2019-10135 | 1 Osbs-client Project | 1 Osbs-client | 2021-11-02 | 6.5 MEDIUM | 7.2 HIGH |
| A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files. | |||||
| CVE-2021-41078 | 1 Nameko | 1 Nameko | 2021-10-29 | 6.8 MEDIUM | 7.8 HIGH |
| Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file. | |||||
| CVE-2021-35227 | 1 Solarwinds | 1 Access Rights Manager | 2021-10-28 | 4.6 MEDIUM | 7.8 HIGH |
| The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available. | |||||
| CVE-2021-39321 | 1 Heateor | 1 Sassy Social Share | 2021-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user supplied inputs via the import_config function found in the ~/admin/class-sassy-social-share-admin.php file. This can be exploited by underprivileged authenticated users due to a missing capability check on the import_config function. | |||||
| CVE-2021-40843 | 1 Proofpoint | 1 Insider Threat Management Server | 2021-10-19 | 6.9 MEDIUM | 7.3 HIGH |
| Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected. | |||||
| CVE-2021-41129 | 1 Pterodactyl | 1 Panel | 2021-10-18 | 6.8 MEDIUM | 8.1 HIGH |
| Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can allow a malicious actor to authenticate as a random user in the Panel. The malicious user must target an account with two-factor authentication enabled, and then must provide a correct two-factor authentication token before being authenticated as that user. Due to a validation flaw in the logic handling user authentication during the two-factor authentication process a malicious user can trick the system into loading credentials for an arbitrary user by modifying the token sent to the server. This authentication flaw is present in the `LoginCheckpointController@__invoke` method which handles two-factor authentication for a user. This controller looks for a request input parameter called `confirmation_token` which is expected to be a 64 character random alpha-numeric string that references a value within the Panel's cache containing a `user_id` value. This value is then used to fetch the user that attempted to login, and lookup their two-factor authentication token. Due to the design of this system, any element in the cache that contains only digits could be referenced by a malicious user, and whatever value is stored at that position would be used as the `user_id`. There are a few different areas of the Panel that store values into the cache that are integers, and a user who determines what those cache keys are could pass one of those keys which would cause this code pathway to reference an arbitrary user. At its heart this is a high-risk login bypass vulnerability. However, there are a few additional conditions that must be met in order for this to be successfully executed, notably: 1.) The account referenced by the malicious cache key must have two-factor authentication enabled. An account without two-factor authentication would cause an exception to be triggered by the authentication logic, thusly exiting this authentication flow. 2.) Even if the malicious user is able to reference a valid cache key that references a valid user account with two-factor authentication, they must provide a valid two-factor authentication token. However, due to the design of this endpoint once a valid user account is found with two-factor authentication enabled there is no rate-limiting present, thusly allowing an attacker to brute force combinations until successful. This leads to a third condition that must be met: 3.) For the duration of this attack sequence the cache key being referenced must continue to exist with a valid `user_id` value. Depending on the specific key being used for this attack, this value may disappear quickly, or be changed by other random user interactions on the Panel, outside the control of the attacker. In order to mitigate this vulnerability the underlying authentication logic was changed to use an encrypted session store that the user is therefore unable to control the value of. This completely removed the use of a user-controlled value being used. In addition, the code was audited to ensure this type of vulnerability is not present elsewhere. | |||||
| CVE-2021-33728 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges. | |||||
| CVE-2021-3035 | 1 Paloaltonetworks | 1 Bridgecrew Checkov | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted. | |||||
| CVE-2021-0685 | 1 Google | 1 Android | 2021-10-08 | 4.6 MEDIUM | 7.8 HIGH |
| In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-191055353 | |||||
| CVE-2021-41588 | 1 Gradle | 1 Gradle | 2021-10-01 | 6.8 MEDIUM | 8.1 HIGH |
| In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys. | |||||
| CVE-2017-4995 | 1 Vmware | 1 Spring Security | 2021-09-27 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets." Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) "deserialization gadget" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown "deserialization gadgets" when Spring Security enables default typing. | |||||
| CVE-2020-28948 | 4 Debian, Drupal, Fedoraproject and 1 more | 4 Debian Linux, Drupal, Fedora and 1 more | 2021-09-25 | 6.8 MEDIUM | 7.8 HIGH |
| Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. | |||||
| CVE-2021-39207 | 1 Facebook | 1 Parlai | 2021-09-23 | 6.5 MEDIUM | 8.8 HIGH |
| parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. This security bug is patched by avoiding unsafe loader users should update to version above v1.1.0. If upgrading is not possible then users can change the Loader used to SafeLoader as a workaround. See commit 507d066ef432ea27d3e201da08009872a2f37725 for details. | |||||
| CVE-2021-36766 | 1 Concretecms | 1 Concrete Cms | 2021-09-22 | 6.5 MEDIUM | 7.2 HIGH |
| Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code. | |||||
| CVE-2019-18631 | 1 Centrify | 3 Authentication Service, Infrastructure Services, Privilege Elevation Service | 2021-09-13 | 5.1 MEDIUM | 7.8 HIGH |
| The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows attackers to execute arbitrary code inside the Centrify process via (1) a crafted application that makes a pipe connection to the process and sends malicious serialized data or (2) a crafted Microsoft Management Console snap-in control file. | |||||
| CVE-2021-32568 | 1 Mrdoc | 1 Mrdoc | 2021-09-09 | 6.8 MEDIUM | 7.8 HIGH |
| mrdoc is vulnerable to Deserialization of Untrusted Data | |||||
| CVE-2021-36231 | 1 Unit4 | 1 Mik.starlight | 2021-09-08 | 9.0 HIGH | 8.8 HIGH |
| Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects. | |||||
| CVE-2018-6162 | 4 Apple, Debian, Google and 1 more | 6 Macos, Debian Linux, Chrome and 3 more | 2021-09-08 | 6.8 MEDIUM | 8.8 HIGH |
| Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-39132 | 1 Pagerduty | 1 Rundeck | 2021-09-08 | 6.5 MEDIUM | 8.8 HIGH |
| Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with a crafted aclpolicy yaml file, that can cause the server to run untrusted code on Rundeck Community or Enterprise Edition. An authenticated user can make a POST request, that can cause the server to run untrusted code on Rundeck Enterprise Edition. The zip-format plugin issues requires authentication and authorization to these access levels, and affects all Rundeck editions:`admin` level access to the `system` resource type. The ACL Policy yaml file upload issues requires authentication and authorization to these access levels, and affects all Rundeck editions: `create` `update` or `admin` level access to a `project_acl` resource, and/or`create` `update` or `admin` level access to the `system_acl` resource. The unauthorized POST request requires authentication, but no specific authorization, and affects Rundeck Enterprise only. Patches are available in versions 3.4.3, 3.3.14 | |||||
| CVE-2021-36981 | 1 Sernet | 1 Verinice | 2021-09-07 | 9.0 HIGH | 8.8 HIGH |
| In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code. | |||||
| CVE-2021-24579 | 1 Bold-themes | 1 Bold Page Builder | 2021-09-02 | 6.5 MEDIUM | 8.8 HIGH |
| The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other installed plugins on the blog could allow such issue to be exploited and lead to RCE in some cases. | |||||
| CVE-2021-38585 | 1 Cpanel | 1 Cpanel | 2021-08-20 | 6.5 MEDIUM | 7.2 HIGH |
| The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585). | |||||
| CVE-2021-37678 | 1 Google | 1 Tensorflow | 2021-08-19 | 4.6 MEDIUM | 8.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/python/keras/saving/model_config.py#L66-L104) uses `yaml.unsafe_load` which can perform arbitrary code execution on the input. Given that YAML format support requires a significant amount of work, we have removed it for now. We have patched the issue in GitHub commit 23d6383eb6c14084a8fc3bdf164043b974818012. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. | |||||
| CVE-2021-37632 | 1 Config Lib Project | 1 Config Lib | 2021-08-17 | 6.8 MEDIUM | 8.1 HIGH |
| SuperMartijn642's Config Lib is a library used by a number of mods for the game Minecraft. The versions of SuperMartijn642's Config Lib between 1.0.4 and 1.0.8 are affected by a vulnerability and can be exploited on both servers and clients. Using SuperMartijn642's Config Lib, servers will send a packet to clients with the server's config values. In order to read `enum` values from the packet data, `ObjectInputStream#readObject` is used. `ObjectInputStream#readObject` will instantiate a class based on the input data. Since, the packet data is not validated before `ObjectInputStream#readObject` is called, an attacker can instantiate any class by sending a malicious packet. If a suitable class is found, the vulnerability can lead to a number of exploits, including remote code execution. Although the vulnerable packet is typically only send from server to client, it can theoretically also be send from client to server. This means both clients and servers running SuperMartijn642's Config Lib between 1.0.4 and 1.0.8 are vulnerable. The vulnerability has been patched in SuperMartijn642's Config lib 1.0.9. Both, players and server owners, should update to 1.0.9 or higher. | |||||
| CVE-2021-27277 | 1 Solarwinds | 1 Orion Platform | 2021-07-20 | 7.2 HIGH | 7.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the OneTimeJobSchedulerEventsService WCF service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-11955. | |||||
| CVE-2021-29485 | 1 Ratpack Project | 1 Ratpack | 2021-07-08 | 6.5 MEDIUM | 8.8 HIGH |
| Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's application does not use Ratpack's session mechanism, it is not vulnerable. Ratpack 1.9.0 introduces a strict allow-list mechanism that mitigates this vulnerability when used. Two possible workarounds exist. The simplest mitigation for users of earlier versions is to reduce the likelihood of attackers being able to write to the session data store. Alternatively or additionally, the allow-list mechanism could be manually back ported by providing an alternative implementation of `SessionSerializer` that uses an allow-list. | |||||
| CVE-2021-22439 | 1 Huawei | 1 Anyoffice | 2021-07-02 | 9.3 HIGH | 8.1 HIGH |
| There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can construct a specific request to exploit this vulnerability. Successfully exploiting this vulnerability, the attacker can execute remote malicious code injection and to control the device. | |||||
| CVE-2016-4483 | 3 Debian, Oracle, Xmlsoft | 3 Debian Linux, Solaris, Libxml2 | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627. | |||||
| CVE-2021-35196 | 1 Theologeek | 1 Manuskript | 2021-06-25 | 6.8 MEDIUM | 7.8 HIGH |
| ** DISPUTED ** Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an untrusted project file. | |||||
| CVE-2021-3040 | 1 Paloaltonetworks | 1 Bridgecrew Checkov | 2021-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are not impacted. | |||||
| CVE-2021-33898 | 1 Invoiceninja | 1 Invoice Ninja | 2021-06-15 | 6.8 MEDIUM | 8.1 HIGH |
| In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. In certain contexts, this can result in remote code execution. The attacker's input must be hosted at http://www.geoplugin.net (cleartext HTTP), and thus a successful attack requires spoofing that site or obtaining control of it. | |||||