Search
Total
865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12000 | 1 Inductiveautomation | 1 Ignition Gateway | 2020-06-18 | 5.0 MEDIUM | 7.5 HIGH |
| The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. | |||||
| CVE-2020-1964 | 1 Apache | 1 Heron | 2020-06-15 | 7.5 HIGH | 9.8 CRITICAL |
| It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities (CWE-502: Deserialization of Untrusted Data). | |||||
| CVE-2018-1000888 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Pear Archive Tar | 2020-06-15 | 6.8 MEDIUM | 8.8 HIGH |
| PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `phar://[path_to_malicious_phar_file]` as path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class itself. With Archive_Tar object injection, arbitrary file deletion can occur because `@unlink($this->_temp_tarname)` is called. If another class with useful gadget is loaded, it may possible to cause remote code execution that can result in files being deleted or possibly modified. This vulnerability appears to have been fixed in 1.4.4. | |||||
| CVE-2020-4448 | 1 Ibm | 2 Websphere Application Server, Websphere Virtual Enterprise | 2020-06-10 | 10.0 HIGH | 9.8 CRITICAL |
| IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228. | |||||
| CVE-2020-4450 | 1 Ibm | 1 Websphere Application Server | 2020-06-09 | 10.0 HIGH | 9.8 CRITICAL |
| IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231. | |||||
| CVE-2020-7660 | 1 Verizon | 1 Serialize-javascript | 2020-06-08 | 6.8 MEDIUM | 8.1 HIGH |
| serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". | |||||
| CVE-2016-3415 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276. | |||||
| CVE-2020-12390 | 1 Mozilla | 1 Firefox | 2020-05-29 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76. | |||||
| CVE-2020-3280 | 1 Cisco | 1 Unified Contact Center Express | 2020-05-27 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device. | |||||
| CVE-2020-13091 | 1 Numfocus | 1 Pandas | 2020-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the read_pickle() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner. | |||||
| CVE-2020-13092 | 1 Scikit-learn | 1 Scikit-learn | 2020-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner. | |||||
| CVE-2018-4939 | 1 Adobe | 1 Coldfusion | 2020-05-15 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3066 | 1 Adobe | 1 Coldfusion | 2020-05-15 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-16112 | 1 Tylertech | 1 Eagle | 2020-05-15 | 6.5 MEDIUM | 8.8 HIGH |
| TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI. | |||||
| CVE-2020-11067 | 1 Typo3 | 1 Typo3 | 2020-05-15 | 6.0 MEDIUM | 8.8 HIGH |
| In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2. | |||||
| CVE-2017-11284 | 1 Adobe | 1 Coldfusion | 2020-05-14 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. | |||||
| CVE-2017-11283 | 1 Adobe | 1 Coldfusion | 2020-05-14 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. | |||||
| CVE-2016-1114 | 1 Adobe | 1 Coldfusion | 2020-05-14 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||||
| CVE-2020-12760 | 1 Opennms | 2 Opennms Horizon, Opennms Meridian | 2020-05-13 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution for any authenticated channel user regardless of its assigned permissions. | |||||
| CVE-2020-2189 | 1 Jenkins | 1 Source Code Management Filter Jervis | 2020-05-07 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||
| CVE-2020-12469 | 1 Intelliants | 1 Subrion | 2020-05-05 | 5.5 MEDIUM | 6.5 MEDIUM |
| admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit. | |||||
| CVE-2020-10914 | 1 Veeam | 1 One | 2020-05-04 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PerformHandshake method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10400. | |||||
| CVE-2020-10915 | 1 Veeam | 1 One | 2020-05-04 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HandshakeResult method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10401. | |||||
| CVE-2020-12471 | 1 Mono | 1 Monox | 2020-05-04 | 7.5 HIGH | 9.8 CRITICAL |
| MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler. | |||||
| CVE-2020-2180 | 1 Jenkins | 1 Amazon Web Services Serverless Application Model | 2020-04-28 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||
| CVE-2020-2179 | 1 Jenkins | 1 Yaml Axis | 2020-04-27 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||
| CVE-2020-0082 | 1 Google | 1 Android | 2020-04-24 | 7.2 HIGH | 7.8 HIGH |
| In ExternalVibration of ExternalVibration.java, there is a possible activation of an arbitrary intent due to unsafe deserialization. This could lead to local escalation of privilege to system_server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140417434 | |||||
| CVE-2020-6219 | 1 Sap | 2 Businessobjects Business Intelligence Platform, Crystal Reports For Visual Studio | 2020-04-15 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data. | |||||
| CVE-2019-10068 | 1 Kentico | 1 Kentico | 2020-04-15 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted. | |||||
| CVE-2020-11630 | 1 Primekey | 1 Ejbca | 2020-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code, the verification of serialized objects sent between nodes (connected via the Peers protocol) allows insecure objects to be deserialized. | |||||
| CVE-2020-7610 | 1 Mongodb | 1 Bson | 2020-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type. | |||||
| CVE-2020-6967 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2020-03-27 | 10.0 HIGH | 9.8 CRITICAL |
| In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCPtcp/8082, which can insecurely deserialize untrusted data. | |||||
| CVE-2019-10867 | 1 Pimcore | 1 Pimcore | 2020-03-18 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php. | |||||
| CVE-2020-1947 | 1 Apache | 1 Shardingsphere | 2020-03-13 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security flaws of RCE. | |||||
| CVE-2020-8441 | 1 Jyaml Project | 1 Jyaml | 2020-03-13 | 7.5 HIGH | 9.8 CRITICAL |
| JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product. | |||||
| CVE-2017-10992 | 1 Hp | 1 Storage Essentials | 2020-03-11 | 10.0 HIGH | 9.8 CRITICAL |
| In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461. | |||||
| CVE-2016-1487 | 1 Lexmark | 1 Markvision Enterprise | 2020-03-10 | 6.8 MEDIUM | 8.8 HIGH |
| Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization. | |||||
| CVE-2020-2158 | 1 Jenkins | 1 Literate | 2020-03-09 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||
| CVE-2020-5327 | 1 Dell | 1 Security Management Server | 2020-03-09 | 9.3 HIGH | 9.8 CRITICAL |
| Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host. | |||||
| CVE-2019-5326 | 1 Arubanetworks | 1 Airwave | 2020-03-03 | 6.5 MEDIUM | 7.2 HIGH |
| An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component. | |||||
| CVE-2020-2123 | 1 Jenkins | 1 Radargun | 2020-02-14 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||
| CVE-2013-4521 | 1 Nuxeo | 1 Nuxeo | 2020-02-13 | 7.5 HIGH | 9.8 CRITICAL |
| RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165. | |||||
| CVE-2020-6770 | 1 Bosch | 5 Bosch Video Management System Mobile Video Service, Divar Ip 3000, Divar Ip 3000 Firmware and 2 more | 2020-02-12 | 10.0 HIGH | 9.8 CRITICAL |
| Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000 and DIVAR IP 7000 if a vulnerable BVMS version is installed. | |||||
| CVE-2019-9212 | 1 Antfin | 1 Sofa-hessian | 2020-02-10 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t consider this issue a vulnerability because the blacklist is being misused. SOFA Hessian supports custom blacklist and a disclaimer was posted encouraging users to update the blacklist or to use the whitelist feature for their specific needs since the blacklist is not being actively updated. | |||||
| CVE-2019-0189 | 1 Apache | 1 Ofbiz | 2020-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the "deserialize" method of "XmlSerializer". Apache Ofbiz is affected via two different dependencies: "commons-beanutils" and an out-dated version of "commons-fileupload" Mitigation: Upgrade to 16.11.06 or manually apply the commits from OFBIZ-10770 and OFBIZ-10837 on branch 16 | |||||
| CVE-2017-3199 | 1 Graniteds | 1 Graniteds | 2020-02-06 | 6.8 MEDIUM | 8.1 HIGH |
| The Java implementation of GraniteDS, version 3.1.1.GA, AMF3 deserializers derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized. | |||||
| CVE-2020-6959 | 1 Honeywell | 12 Hnmswvms, Hnmswvms Firmware, Hnmswvmslt and 9 more | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution. | |||||
| CVE-2017-3200 | 1 Graniteds | 1 Graniteds | 2020-02-05 | 6.8 MEDIUM | 8.1 HIGH |
| The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized. | |||||
| CVE-2020-3716 | 1 Magento | 1 Magento | 2020-01-30 | 10.0 HIGH | 9.8 CRITICAL |
| Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-17635 | 1 Eclipse | 1 Memory Analyzer | 2020-01-23 | 6.8 MEDIUM | 7.8 HIGH |
| Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted index for the problem to occur. The problem can be averted if the index files from an untrusted source are deleted and the heap dump is opened and reparsed. Also some local configuration data is subject to a deserialization vulnerability if the local data were to be replaced with a malicious version. This can be averted if the local configuration data stored on the file system cannot be changed by an attacker. The vulnerability could possibly allow code execution on the local system. | |||||