Search
Total
865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14030 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2020-10-09 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in arbitrary code execution. | |||||
| CVE-2020-15172 | 1 Fluffycogs Project | 1 Fluffycogs | 2020-10-08 | 6.5 MEDIUM | 8.8 HIGH |
| The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions and/or access sensitive information. Unloading the Act module with `unload act` can render this exploit inaccessible. | |||||
| CVE-2019-16774 | 1 Phpfastcache | 1 Phpfastcache | 2020-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver. | |||||
| CVE-2019-2391 | 1 Mongodb | 1 Js-bson | 2020-09-29 | 5.5 MEDIUM | 5.4 MEDIUM |
| Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and prior to. | |||||
| CVE-2018-16364 | 1 Zohocorp | 1 Manageengine Applications Manager | 2020-09-29 | 9.3 HIGH | 8.1 HIGH |
| A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share. | |||||
| CVE-2020-15188 | 1 Brassica | 1 Soy Cms | 2020-09-29 | 6.8 MEDIUM | 9.8 CRITICAL |
| SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328. | |||||
| CVE-2020-15148 | 1 Yiiframework | 1 Yii | 2020-09-22 | 7.5 HIGH | 10.0 CRITICAL |
| Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory. | |||||
| CVE-2020-7528 | 1 Schneider-electric | 1 Scadapack 7x Remote Connect | 2020-09-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer. | |||||
| CVE-2020-7532 | 1 Schneider-electric | 1 Scadapack X70 Security Administrator | 2020-09-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator (V1.2.0 and prior) which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer. | |||||
| CVE-2018-3784 | 1 Cryo Project | 1 Cryo | 2020-09-18 | 7.5 HIGH | 9.8 CRITICAL |
| A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization. | |||||
| CVE-2019-17570 | 2 Apache, Debian | 2 Xml-rpc, Debian Linux | 2020-09-16 | 7.5 HIGH | 9.8 CRITICAL |
| An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed. | |||||
| CVE-2014-1420 | 1 Canonical | 1 Ubuntu-ui-toolkit | 2020-09-16 | 2.1 LOW | 3.3 LOW |
| On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1. | |||||
| CVE-2018-15425 | 1 Cisco | 1 Identity Services Engine | 2020-09-16 | 6.5 MEDIUM | 4.7 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server. | |||||
| CVE-2020-4521 | 1 Ibm | 1 Maximo Asset Management | 2020-09-16 | 9.0 HIGH | 8.8 HIGH |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396. | |||||
| CVE-2020-24164 | 1 Taoensso | 1 Nippy | 2020-09-15 | 6.8 MEDIUM | 7.8 HIGH |
| A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface. | |||||
| CVE-2020-24034 | 1 Sagemcom | 2 F\@st 5280 Router, F\@st 5280 Router Firmware | 2020-09-11 | 9.0 HIGH | 8.8 HIGH |
| Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, an attacker may alter the user value inside of this cookie, and assume the role and permissions of the user specified. By assuming the role of the user internal, which is inaccessible to end users by default, the attacker gains the permissions of the internal account, which includes the ability to flash custom firmware to the router, allowing the attacker to achieve a complete compromise. | |||||
| CVE-2020-17405 | 1 Senstar | 1 Symphony | 2020-09-10 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSOAuth process. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10980. | |||||
| CVE-2018-0147 | 1 Cisco | 1 Secure Access Control System | 2020-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco Bug IDs: CSCvh25988. | |||||
| CVE-2019-7840 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7091 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-15958 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-15965 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-15957 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-15959 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-14892 | 2 Fasterxml, Redhat | 7 Jackson-databind, Decision Manager, Jboss Data Grid and 4 more | 2020-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code. | |||||
| CVE-2018-19361 | 4 Debian, Fasterxml, Oracle and 1 more | 12 Debian Linux, Jackson-databind, Business Process Management Suite and 9 more | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. | |||||
| CVE-2018-19362 | 4 Debian, Fasterxml, Oracle and 1 more | 12 Debian Linux, Jackson-databind, Business Process Management Suite and 9 more | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. | |||||
| CVE-2018-14720 | 4 Debian, Fasterxml, Oracle and 1 more | 12 Debian Linux, Jackson-databind, Banking Platform and 9 more | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. | |||||
| CVE-2018-19360 | 4 Debian, Fasterxml, Oracle and 1 more | 12 Debian Linux, Jackson-databind, Business Process Management Suite and 9 more | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. | |||||
| CVE-2017-8804 | 1 Gnu | 1 Glibc | 2020-08-26 | 7.8 HIGH | 7.5 HIGH |
| ** DISPUTED ** The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references] | |||||
| CVE-2018-18240 | 1 Pippo | 1 Pippo | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling. | |||||
| CVE-2019-9365 | 1 Google | 1 Android | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In Bluetooth, there is a possible deserialization error due to missing string validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109838537 | |||||
| CVE-2019-9061 | 1 Cmsmadesimple | 1 Cms Made Simple | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature. | |||||
| CVE-2019-9057 | 1 Cmsmadesimple | 1 Cms Made Simple | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection. | |||||
| CVE-2019-9056 | 1 Cmsmadesimple | 1 Cms Made Simple | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object injection. | |||||
| CVE-2019-9055 | 1 Cmsmadesimple | 1 Cms Made Simple | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection. | |||||
| CVE-2019-8662 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary. | |||||
| CVE-2019-7743 | 1 Joomla | 1 Joomla\! | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files. | |||||
| CVE-2019-6340 | 1 Drupal | 1 Drupal | 2020-08-24 | 6.8 MEDIUM | 8.1 HIGH |
| Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.) | |||||
| CVE-2018-1000059 | 1 Validformbuilder | 1 Validform Builder | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form unserialize method that can result in Possible to execute unauthorised system commands remotely and disclose file contents in file system. | |||||
| CVE-2018-1000210 | 1 Yamldotnet Project | 1 Yamldotnet | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them. that can result in Code execution in the context of the running process. This attack appear to be exploitable via Victim must parse a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0. | |||||
| CVE-2018-1000525 | 1 Openpsa2 | 1 Openpsa | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Specially crafted GET request variable containing serialised PHP object. This vulnerability appears to have been fixed in after commit 097eae0. | |||||
| CVE-2019-20452 | 1 Pydio | 1 Pydio | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution. | |||||
| CVE-2019-20453 | 1 Pydio | 1 Pydio | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/uploader.http/HttpDownload.php. An authenticated user with basic privileges can inject objects and achieve remote code execution. | |||||
| CVE-2019-19909 | 1 Sfu | 1 Open Journal System | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is used. | |||||
| CVE-2018-1000527 | 1 Froxlor | 1 Froxlor | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Passing malicious PHP objection in $_POST['ssl_ipandport']. This vulnerability appears to have been fixed in after commit c1e62e6. | |||||
| CVE-2018-1000641 | 1 Yeswiki | 1 Yeswiki | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information. | |||||
| CVE-2018-10085 | 1 Cmsmadesimple | 1 Cms Made Simple | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files. | |||||
| CVE-2018-14572 | 1 Pyconuk | 1 Conference-scheduler-cli | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. | |||||
| CVE-2018-15576 | 1 Hazzardweb | 1 Easylogin Pro | 2020-08-24 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key. | |||||