Total
2419 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12241 | 1 Carts.guru | 1 Carts Guru | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php.
|
|||||
| CVE-2019-12240 | 1 Virim Project | 1 Virim | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or c_values in graph.php.
|
|||||
| CVE-2019-12086 | 2 Debian, Fasterxml | 2 Debian Linux, Jackson-databind | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing ...
Show More |
|||||
| CVE-2019-12017 | 1 Mapr | 1 Mapr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON framework that is used in the CLDB code that handles login and ticket issuance. An attacker can use the 'class' property of the JSON request sent to the CLDB to influence the JSON library's decision on which Java class this JSON request is deserialized to. By doing so, the attacker can force the MapR CLDB to construct a URLClassLoader which loads a malicious Java class from a remote path and instantiate this ...
Show More |
|||||
| CVE-2019-11956 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
|
|||||
| CVE-2019-11950 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
|
|||||
| CVE-2019-11945 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
|
|||||
| CVE-2019-11944 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
|
|||||
| CVE-2019-11831 | 5 Debian, Drupal, Fedoraproject and 2 more | 5 Debian Linux, Drupal, Fedora and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.
|
|||||
| CVE-2019-11830 | 1 Typo3 | 1 Pharstreamwrapper | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism.
|
|||||
| CVE-2019-11666 | 1 Microfocus | 1 Service Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data.
|
|||||
| CVE-2019-11286 | 1 Vmware | 2 Gemfire, Tanzu Gemfire For Virtual Machines | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
|
VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the service with a crafted set of credentials leading to remote code execution.
|
|||||
| CVE-2019-11080 | 1 Sitecore | 1 Experience Platform | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object.
|
|||||
| CVE-2019-11030 | 1 Mirasys | 1 Mirasys Vms | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget (contained in a serialized object) may be executed with SYSTEM privileges. The attacker must properly encrypt the object; however, the hardcoded keys are available.
|
|||||
| CVE-2019-11011 | 1 Akamai | 1 Cloudtest | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Akamai CloudTest before 58.30 allows remote code execution.
|
|||||
| CVE-2019-10924 | 1 Siemens | 1 Logo\! Soft Comfort | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.3). The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project. In order to exploit the vulnerability, a valid user must open a manipulated project file. No further privileges are required on the target system. The vulnerability could compromise the confidentiality, integrity and availability of the engineering station. At the time of adviso ...
Show More |
|||||
| CVE-2019-10912 | 1 Sensiolabs | 1 Symfony | 2024-11-21 | 6.5 MEDIUM | 7.1 HIGH |
|
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge.
|
|||||
| CVE-2019-10867 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php.
|
|||||
| CVE-2019-10202 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
|
|||||
| CVE-2019-10135 | 1 Osbs-client Project | 1 Osbs-client | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files.
|
|||||
| CVE-2019-10086 | 6 Apache, Debian, Fedoraproject and 3 more | 60 Commons Beanutils, Nifi, Debian Linux and 57 more | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
|
|||||
| CVE-2019-10069 | 1 Godotengine | 1 Godot | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.
|
|||||
| CVE-2019-1010306 | 1 Teller | 1 Slanger | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Slanger 0.6.0 is affected by: Remote Code Execution (RCE). The impact is: A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is: Message handler & request validator. The attack vector is: Remote unauthenticated. The fixed version is: after commit 5267b455caeb2e055cccf0d2b6a22727c111f5c3.
|
|||||
| CVE-2019-1000005 | 1 Mpdf Project | 1 Mpdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/ImageProcessor class that can result in Arbitry code execution, file write, etc.. This attack appears to be exploitable via attacker must host crafted image on victim server and trigger generation of pdf file with content <img src="phar://path/to/crafted/image">. This vulnerability appears to have been fixed in 7.1.8.
|
|||||
| CVE-2019-0195 | 1 Apache | 1 Tapestry | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this symbol could be used to craft a Java deserialization attack, thus running malicious injected Java code. The vector would be the t:formdata parameter from the Form component.
|
|||||
| CVE-2019-0192 | 2 Apache, Netapp | 2 Solr, Storage Automation Store | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.
|
|||||
| CVE-2019-0189 | 1 Apache | 1 Ofbiz | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the "deserialize" method of "XmlSerializer". Apache Ofbiz is affected via two different dependencies: "commons-beanutils" and an out-dated version of "commons-fileupload" Mitigation: Upgrade to 16.11.06 or manually ...
Show More |
|||||
| CVE-2019-0187 | 1 Apache | 1 Jmeter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed mode. Note that versions before 4.0 are not able to encrypt traffic between the nodes, nor authenticate the participating nodes so upgrade to JMeter 5.1 is also advised.
|
|||||
| CVE-2018-9843 | 1 Cyberark | 1 Password Vault | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header.
|
|||||
| CVE-2018-8349 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
|
|||||
| CVE-2018-8021 | 1 Apache | 1 Superset | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.
|
|||||
| CVE-2018-8018 | 1 Apache | 1 Ignite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to GridClientJdkMarshaller deserialization endpoint.
|
|||||
| CVE-2018-8013 | 4 Apache, Canonical, Debian and 1 more | 21 Batik, Ubuntu Linux, Debian Linux and 18 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.
|
|||||
| CVE-2018-7891 | 2 Milestonesys, Siemens | 2 Xprotect, Siveillance Vms | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution.
|
|||||
| CVE-2018-7889 | 1 Calibre-ebook | 1 Calibre | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
|
|||||
| CVE-2018-7529 | 1 Osisoft | 1 Pi Data Archive | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server.
|
|||||
| CVE-2018-7489 | 4 Debian, Fasterxml, Oracle and 1 more | 5 Debian Linux, Jackson-databind, Communications Billing And Revenue Management and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
|
|||||
| CVE-2018-6497 | 1 Microfocus | 2 Cms Server, Universal Cmbd Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).
|
|||||
| CVE-2018-6496 | 1 Microfocus | 1 Universal Cmbd Browser | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).
|
|||||
| CVE-2018-6162 | 4 Apple, Debian, Google and 1 more | 6 Macos, Debian Linux, Chrome and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||