Total
934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37678 | 1 Google | 1 Tensorflow | 2021-08-19 | 4.6 MEDIUM | 8.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/python/keras/saving/model_config.py#L66-L104) uses `yaml.unsafe_load` which can perform arbitrary code execution on the input. Given that YAML format support requires a significant amount of work, we have removed it for now. We have patched the issue in GitHub commit 23d6383eb6c14084a8fc3bdf164043b974818012. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. | |||||
| CVE-2021-37632 | 1 Config Lib Project | 1 Config Lib | 2021-08-17 | 6.8 MEDIUM | 8.1 HIGH |
| SuperMartijn642's Config Lib is a library used by a number of mods for the game Minecraft. The versions of SuperMartijn642's Config Lib between 1.0.4 and 1.0.8 are affected by a vulnerability and can be exploited on both servers and clients. Using SuperMartijn642's Config Lib, servers will send a packet to clients with the server's config values. In order to read `enum` values from the packet data, `ObjectInputStream#readObject` is used. `ObjectInputStream#readObject` will instantiate a class based on the input data. Since, the packet data is not validated before `ObjectInputStream#readObject` is called, an attacker can instantiate any class by sending a malicious packet. If a suitable class is found, the vulnerability can lead to a number of exploits, including remote code execution. Although the vulnerable packet is typically only send from server to client, it can theoretically also be send from client to server. This means both clients and servers running SuperMartijn642's Config Lib between 1.0.4 and 1.0.8 are vulnerable. The vulnerability has been patched in SuperMartijn642's Config lib 1.0.9. Both, players and server owners, should update to 1.0.9 or higher. | |||||
| CVE-2021-37544 | 1 Jetbrains | 1 Teamcity | 2021-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization. | |||||
| CVE-2021-34371 | 1 Neo4j | 1 Neo4j | 2021-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains. | |||||
| CVE-2021-37578 | 1 Apache | 1 Juddi | 2021-08-11 | 6.8 MEDIUM | 9.8 CRITICAL |
| Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicious serialized object to the above RMI entries. The objects get deserialized without any check on the incoming data. In the worst case, it may let the attacker run arbitrary code remotely. For both jUDDI web service applications and jUDDI clients, the usage of RMI is disabled by default. Since this is an optional feature and an extension to the UDDI protocol, the likelihood of impact is low. Starting with 3.3.10, all RMI related code was removed. | |||||
| CVE-2020-5341 | 1 Dell | 2 Emc Avamar Server, Emc Integrated Data Protection Appliance Firmware | 2021-08-05 | 10.0 HIGH | 9.8 CRITICAL |
| Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system. | |||||
| CVE-2021-29781 | 2 Ibm, Linux | 2 Partner Engagement Manager, Linux Kernel | 2021-08-05 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 203091. | |||||
| CVE-2021-35464 | 1 Forgerock | 2 Am, Openam | 2021-08-02 | 10.0 HIGH | 9.8 CRITICAL |
| ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier | |||||
| CVE-2021-34520 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2021-07-22 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34467, CVE-2021-34468. | |||||
| CVE-2021-32742 | 1 Vapor Project | 1 Vapor | 2021-07-22 | 6.4 MEDIUM | 9.1 CRITICAL |
| Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug in the `Data.init(base32Encoded:)` function opens up the potential for exposing server memory and/or crashing the server (Denial of Service) for applications where untrusted data can end up in said function. Vapor does not currently use this function itself so this only impact applications that use the impacted function directly or through other dependencies. The vulnerability is patched in version 4.47.2. As a workaround, one may use an alternative to Vapor's built-in `Data.init(base32Encoded:)`. | |||||
| CVE-2020-4449 | 1 Ibm | 1 Websphere Application Server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230. | |||||
| CVE-2020-9664 | 1 Magento | 1 Magento | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-35938 | 1 Pickplugins | 2 Post Grid, Team Showcase | 2021-07-21 | 6.0 MEDIUM | 8.8 HIGH |
| PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts. | |||||
| CVE-2020-28339 | 1 Collne | 1 Welcart E-commerce | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain. | |||||
| CVE-2020-26165 | 1 Qdpm | 1 Qdpm | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used. | |||||
| CVE-2020-26118 | 1 Smartbear | 1 Collaborator | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious object can be submitted to the server via an authenticated attacker to execute commands on the underlying system. | |||||
| CVE-2020-2604 | 7 Canonical, Debian, Mcafee and 4 more | 25 Ubuntu Linux, Debian Linux, Epolicy Orchestrator and 22 more | 2021-07-21 | 6.8 MEDIUM | 8.1 HIGH |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2020-24914 | 1 Qcubed | 1 Qcubed | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request. | |||||
| CVE-2020-24036 | 1 Fork-cms | 1 Fork Cms | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code. | |||||
| CVE-2020-12835 | 1 Smartbear | 1 Readyapi | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of an Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Network Licensing Protocol component. | |||||