Total
1209 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20221 | 1 Deltek | 1 Ajera | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are vulnerable to remote code execution via deserialization of untrusted user input from an authenticated user. The executed code will run as the IIS Application Pool that is running the application. | |||||
CVE-2017-18365 | 1 Github | 1 Github | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects. | |||||
CVE-2019-9057 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection. | |||||
CVE-2018-20984 | 1 Patreon | 1 Patreon Wordpress | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The patreon-connect plugin before 1.2.2 for WordPress has Object Injection. | |||||
CVE-2019-5069 | 1 Epignosishq | 1 Efront Lms | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. | |||||
CVE-2019-11831 | 5 Debian, Drupal, Fedoraproject and 2 more | 5 Debian Linux, Drupal, Fedora and 2 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. | |||||
CVE-2019-16317 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318. | |||||
CVE-2019-11458 | 1 Cakefoundation | 1 Cakephp | 2023-12-10 | 6.4 MEDIUM | 7.5 HIGH |
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction. | |||||
CVE-2019-10068 | 1 Kentico | 1 Kentico | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted. | |||||
CVE-2019-15780 | 1 Strategy11 | 1 Formidable Form Builder | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The formidable plugin before 4.02.01 for WordPress has unsafe deserialization. | |||||
CVE-2019-10069 | 1 Godotengine | 1 Godot | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly. | |||||
CVE-2019-9056 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object injection. | |||||
CVE-2019-10086 | 6 Apache, Debian, Fedoraproject and 3 more | 60 Commons Beanutils, Nifi, Debian Linux and 57 more | 2023-12-10 | 7.5 HIGH | 7.3 HIGH |
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. | |||||
CVE-2019-0192 | 2 Apache, Netapp | 2 Solr, Storage Automation Store | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. | |||||
CVE-2019-11944 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
CVE-2019-15321 | 1 Optiontree Project | 1 Optiontree | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled. | |||||
CVE-2019-12241 | 1 Carts.guru | 1 Carts Guru | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php. | |||||
CVE-2019-5434 | 1 Revive-sas | 1 Revive Adserver | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0. | |||||
CVE-2019-0189 | 1 Apache | 1 Ofbiz | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the "deserialize" method of "XmlSerializer". Apache Ofbiz is affected via two different dependencies: "commons-beanutils" and an out-dated version of "commons-fileupload" Mitigation: Upgrade to 16.11.06 or manually apply the commits from OFBIZ-10770 and OFBIZ-10837 on branch 16 | |||||
CVE-2019-4279 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445. |