Search
Total
391 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20221 | 1 Deltek | 1 Ajera | 2019-03-22 | 6.5 MEDIUM | 8.8 HIGH |
| Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are vulnerable to remote code execution via deserialization of untrusted user input from an authenticated user. The executed code will run as the IIS Application Pool that is running the application. | |||||
| CVE-2018-0824 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-03-12 | 5.1 MEDIUM | 7.5 HIGH |
| A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2019-1000005 | 1 Mpdf Project | 1 Mpdf | 2019-02-14 | 6.8 MEDIUM | 8.8 HIGH |
| mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/ImageProcessor class that can result in Arbitry code execution, file write, etc.. This attack appears to be exploitable via attacker must host crafted image on victim server and trigger generation of pdf file with content <img src="phar://path/to/crafted/image">. This vulnerability appears to have been fixed in 7.1.8. | |||||
| CVE-2018-18013 | 1 Citrix | 1 Xenmobile Server | 2019-01-28 | 7.2 HIGH | 7.8 HIGH |
| ** DISPUTED *** Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost." | |||||
| CVE-2018-18987 | 1 Invt | 1 Vt-designer | 2018-12-27 | 6.8 MEDIUM | 8.8 HIGH |
| VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution. | |||||
| CVE-2018-15514 | 1 Docker | 1 Docker | 2018-11-09 | 6.5 MEDIUM | 8.8 HIGH |
| HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges. | |||||
| CVE-2018-15503 | 1 Swoole | 1 Swoole | 2018-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV. | |||||
| CVE-2018-10513 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus \+ Security, Internet Security and 2 more | 2018-10-26 | 7.2 HIGH | 7.8 HIGH |
| A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | |||||
| CVE-2016-9045 | 1 Processmaker | 1 Processmaker | 2018-10-19 | 6.5 MEDIUM | 8.8 HIGH |
| A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. | |||||
| CVE-2018-7889 | 1 Calibre-ebook | 1 Calibre | 2018-10-12 | 6.8 MEDIUM | 7.8 HIGH |
| gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. | |||||
| CVE-2018-14878 | 1 Jetbrains | 2 Dotpeek, Resharper Ultimate | 2018-10-12 | 6.8 MEDIUM | 7.8 HIGH |
| JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data. | |||||
| CVE-2016-4405 | 1 Hp | 1 Business Service Management | 2018-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26 | |||||
| CVE-2016-4398 | 1 Hp | 1 Network Node Manager I | 2018-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization. | |||||
| CVE-2018-8349 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2018-09-10 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2017-1677 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2018-07-07 | 4.6 MEDIUM | 7.8 HIGH |
| IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999. | |||||
| CVE-2018-1310 | 1 Apache | 1 Nifi | 2018-06-26 | 5.0 MEDIUM | 7.5 HIGH |
| Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | |||||
| CVE-2018-10654 | 1 Citrix | 1 Xenmobile Server | 2018-06-25 | 6.8 MEDIUM | 8.1 HIGH |
| There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | |||||
| CVE-2018-7891 | 2 Milestonesys, Siemens | 2 Xprotect, Siveillance Vms | 2018-06-13 | 6.8 MEDIUM | 8.1 HIGH |
| The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution. | |||||
| CVE-2017-2295 | 2 Debian, Puppet | 2 Debian Linux, Puppet | 2018-05-24 | 6.0 MEDIUM | 8.2 HIGH |
| Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML. | |||||
| CVE-2018-1000167 | 1 Oisf | 1 Suricata-update | 2018-05-22 | 9.3 HIGH | 7.8 HIGH |
| OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Function as used in the following files: config.py:136, config.py:142, sources.py:99 and sources.py:131. The "list-sources"-command is affected by this bug. that can result in Remote Code Execution(even as root if suricata-update is called by root). This attack appears to be exploitable via a specially crafted yaml-file at https://www.openinfosecfoundation.org/rules/index.yaml. This vulnerability appears to have been fixed in 1.0.0b1. | |||||
| CVE-2017-11143 | 1 Php | 1 Php | 2018-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c. | |||||
| CVE-2017-15693 | 1 Apache | 1 Geode | 2018-03-23 | 6.0 MEDIUM | 7.5 HIGH |
| In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are present on the classpath. | |||||
| CVE-2018-1000058 | 1 Jenkins | 1 Pipeline Supporting Apis | 2018-03-06 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles. | |||||
| CVE-2018-1000045 | 1 Nasa | 1 Singledop | 2018-03-01 | 6.8 MEDIUM | 7.8 HIGH |
| NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data) that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.1. | |||||
| CVE-2018-1000046 | 1 Nasa | 1 Pyblock | 2018-03-01 | 6.8 MEDIUM | 7.8 HIGH |
| NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.4. | |||||
| CVE-2018-1000047 | 1 Nasa | 1 Kodiak | 2018-03-01 | 6.8 MEDIUM | 8.8 HIGH |
| NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution. This attack appear to be exploitable via Victim opens an untrusted file for optimization using Kodiak library. | |||||
| CVE-2018-1000048 | 1 Nasa | 1 Rtretrievalframework | 2018-03-01 | 6.8 MEDIUM | 8.8 HIGH |
| NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution. This attack appear to be exploitable via Victim tries to retrieve and process a weather data file. | |||||
| CVE-2017-8963 | 1 Hp | 1 Intelligent Management Center | 2018-02-24 | 9.0 HIGH | 8.8 HIGH |
| A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | |||||
| CVE-2017-8964 | 1 Hp | 1 Intelligent Management Center | 2018-02-24 | 9.0 HIGH | 8.8 HIGH |
| A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | |||||
| CVE-2017-8967 | 1 Hp | 1 Intelligent Management Center | 2018-02-24 | 9.0 HIGH | 8.8 HIGH |
| A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | |||||
| CVE-2017-8962 | 1 Hp | 1 Intelligent Management Center | 2018-02-24 | 9.0 HIGH | 8.8 HIGH |
| A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | |||||
| CVE-2017-8965 | 1 Hp | 1 Intelligent Management Center | 2018-02-24 | 9.0 HIGH | 8.8 HIGH |
| A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | |||||
| CVE-2017-8966 | 1 Hp | 1 Intelligent Management Center | 2018-02-24 | 9.0 HIGH | 8.8 HIGH |
| A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | |||||
| CVE-2016-4385 | 1 Hp | 1 Network Automation | 2018-02-17 | 7.5 HIGH | 7.3 HIGH |
| The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries. | |||||
| CVE-2017-12628 | 1 Apache | 1 James Server | 2017-11-08 | 7.2 HIGH | 7.8 HIGH |
| The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation. Release 3.0.1 upgrades the incriminated library. | |||||
| CVE-2015-5164 | 2 Pulpproject, Redhat | 2 Qpid, Satellite | 2017-11-08 | 9.0 HIGH | 7.2 HIGH |
| The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp. | |||||
| CVE-2016-8744 | 1 Apache | 1 Brooklyn | 2017-09-29 | 9.0 HIGH | 8.8 HIGH |
| Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the classpath. This could provide an authenticated user with a means to cause the JVM running Brooklyn to load and run Java code without detection by Brooklyn. Such code would have the privileges of the Java process running Brooklyn, including the ability to open files and network connections, and execute system commands. There is known to be a proof-of-concept exploit using this vulnerability. | |||||
| CVE-2017-12612 | 1 Apache | 1 Spark | 2017-09-26 | 7.2 HIGH | 7.8 HIGH |
| In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine. It does not affect apps run by spark-submit or spark-shell. The attacker would be able to execute code as the user that ran the Spark application. Users are encouraged to update to version 2.2.0 or later. | |||||
| CVE-2017-1000034 | 1 Akka | 1 Akka | 2017-08-04 | 9.3 HIGH | 8.1 HIGH |
| Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem. | |||||
| CVE-2017-8829 | 1 Debian | 1 Lintian | 2017-05-16 | 6.8 MEDIUM | 7.8 HIGH |
| Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file. | |||||
| CVE-2016-7065 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2016-12-23 | 6.5 MEDIUM | 8.8 HIGH |
| The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object. | |||||