Total
1526 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15381 | 1 Cisco | 1 Unity Express | 2024-09-16 | N/A |
| A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges. | ||||
| CVE-2018-1000832 | 1 Zoneminder | 1 Zoneminder | 2024-09-16 | N/A |
| ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. | ||||
| CVE-2018-1999042 | 1 Jenkins | 1 Jenkins | 2024-09-16 | N/A |
| A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL. | ||||
| CVE-2020-4589 | 1 Ibm | 1 Websphere Application Server | 2024-09-16 | 9.8 Critical |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 184585. | ||||
| CVE-2018-1851 | 1 Ibm | 1 Websphere Application Server | 2024-09-16 | N/A |
| IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code. IBM X-Force ID: 150999. | ||||
| CVE-2021-25738 | 1 Kubernetes | 1 Java | 2024-09-16 | 6.7 Medium |
| Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution. | ||||
| CVE-2021-35215 | 1 Solarwinds | 1 Orion Platform | 2024-09-16 | 8.9 High |
| Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability. | ||||
| CVE-2020-4305 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2024-09-16 | 8.8 High |
| IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677. | ||||
| CVE-2018-18240 | 1 Pippo | 1 Pippo | 2024-09-16 | N/A |
| Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling. | ||||
| CVE-2019-4561 | 1 Ibm | 1 Security Identity Manager | 2024-09-16 | 8.8 High |
| IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 166456. | ||||
| CVE-2018-1000210 | 1 Yamldotnet Project | 1 Yamldotnet | 2024-09-16 | N/A |
| YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them. that can result in Code execution in the context of the running process. This attack appear to be exploitable via Victim must parse a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0. | ||||
| CVE-2022-36958 | 1 Solarwinds | 1 Orion Platform | 2024-09-16 | 8.8 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2016-8519 | 1 Hp | 1 Operations Orchestration | 2024-09-16 | N/A |
| A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found. | ||||
| CVE-2017-1000195 | 1 Octobercms | 1 October | 2024-09-16 | N/A |
| October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server. | ||||
| CVE-2021-36336 | 1 Dell | 1 Wyse Management Suite | 2024-09-16 | 9.8 Critical |
| Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system. | ||||
| CVE-2018-18589 | 1 Microfocus | 1 Real User Monitoring | 2024-09-16 | N/A |
| A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code. | ||||
| CVE-2017-15089 | 2 Infinispan, Redhat | 6 Infinispan, Jboss Data Grid, Jboss Enterprise Application Platform and 3 more | 2024-09-16 | N/A |
| It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks. | ||||
| CVE-2020-4682 | 1 Ibm | 3 Mq, Mq Appliance, Websphere Mq | 2024-09-16 | 9.8 Critical |
| IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509. | ||||
| CVE-2022-2830 | 1 Bitdefender | 1 Gravityzone | 2024-09-16 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2. | ||||
| CVE-2022-0749 | 1 Singoo | 1 Singoocms.utility | 2024-09-16 | 7.4 High |
| This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter. | ||||