Total
1210 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-0692 | 2024-03-01 | N/A | 8.8 HIGH | ||
The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution. | |||||
CVE-2024-23328 | 2024-02-29 | N/A | 9.1 CRITICAL | ||
Dataease is an open source data visualization analysis tool. A deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The location of the vulnerability code is `core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java.` The blacklist of mysql jdbc attacks can be bypassed and attackers can further exploit it for deserialized execution or reading arbitrary files. This vulnerability is patched in 1.18.15 and 2.3.0. | |||||
CVE-2023-51518 | 2024-02-27 | N/A | N/A | ||
Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JMX endpoint is only bound locally. We recommend users to: - Upgrade to a non-vulnerable Apache James version - Run Apache James isolated from other processes (docker - dedicated virtual machine) - If possible turn off JMX | |||||
CVE-2023-51389 | 2024-02-22 | N/A | 9.8 CRITICAL | ||
Hertzbeat is a real-time monitoring system. At the interface of `/define/yml`, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability. | |||||
CVE-2024-25117 | 2024-02-22 | N/A | 6.8 MEDIUM | ||
php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This might leads to bypass of restrictions or RCE on projects that are using it, if they do not strictly revalidate the fontName that is passed by php-svg-lib. The `Style::fromAttributes(`), or the `Style::parseCssStyle()` should check the content of the `font-family` and prevents it to use a PHAR url, to avoid passing an invalid and dangerous `fontName` value to other libraries. The same check as done in the `Style::fromStyleSheets` might be reused. Libraries using this library as a dependency might be vulnerable to some bypass of restrictions, or even remote code execution, if they do not double check the value of the `fontName` that is passed by php-svg-lib. Version 0.5.2 contains a fix for this issue. | |||||
CVE-2024-23478 | 1 Solarwinds | 1 Access Rights Manager | 2024-02-20 | N/A | 8.0 HIGH |
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution. | |||||
CVE-2023-40057 | 1 Solarwinds | 1 Access Rights Manager | 2024-02-20 | N/A | 9.0 CRITICAL |
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. | |||||
CVE-2024-22369 | 2024-02-20 | N/A | N/A | ||
Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1 | |||||
CVE-2024-1651 | 2024-02-20 | N/A | 10.0 CRITICAL | ||
Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization. | |||||
CVE-2024-23114 | 2024-02-20 | N/A | N/A | ||
Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1 | |||||
CVE-2022-45047 | 1 Apache | 1 Sshd | 2024-02-16 | N/A | 9.8 CRITICAL |
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server. | |||||
CVE-2022-41678 | 1 Apache | 1 Activemq | 2024-02-16 | N/A | 8.8 HIGH |
Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject. And calls to org.jolokia.http.HttpRequestHandler#executeRequest. Into deeper calling stacks, org.jolokia.handler.ExecHandler#doHandleRequest is able to invoke through refection. And then, RCE is able to be achieved via jdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11. 1 Call newRecording. 2 Call setConfiguration. And a webshell data hides in it. 3 Call startRecording. 4 Call copyTo method. The webshell will be written to a .jsp file. The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia. A more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0. | |||||
CVE-2015-7501 | 1 Redhat | 15 Data Grid, Jboss A-mq, Jboss Bpm Suite and 12 more | 2024-02-16 | 10.0 HIGH | 9.8 CRITICAL |
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | |||||
CVE-2024-24590 | 1 Clear | 1 Clearml | 2024-02-15 | N/A | 8.8 HIGH |
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with. | |||||
CVE-2023-51505 | 1 Pluginus | 1 Woot | 2024-02-15 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store.This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store : from n/a through 1.0.6. | |||||
CVE-2023-6933 | 1 Wpengine | 1 Better Search Replace | 2024-02-14 | N/A | 9.8 CRITICAL |
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | |||||
CVE-2023-26592 | 2024-02-14 | N/A | 3.8 LOW | ||
Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable a denial of service via local access. | |||||
CVE-2024-0668 | 1 Sigmaplugin | 1 Advanced Database Cleaner | 2024-02-13 | N/A | 7.2 HIGH |
The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attacker, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | |||||
CVE-2024-25100 | 2024-02-12 | N/A | 10.0 CRITICAL | ||
Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program.This issue affects Coupon Referral Program: from n/a through 1.7.2. | |||||
CVE-2024-24796 | 2024-02-12 | N/A | 8.2 HIGH | ||
Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin.This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin: from n/a through 4.1.1. |