Total
934 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-1000167 | 1 Oisf | 1 Suricata-update | 2018-05-22 | 9.3 HIGH | 7.8 HIGH |
OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Function as used in the following files: config.py:136, config.py:142, sources.py:99 and sources.py:131. The "list-sources"-command is affected by this bug. that can result in Remote Code Execution(even as root if suricata-update is called by root). This attack appears to be exploitable via a specially crafted yaml-file at https://www.openinfosecfoundation.org/rules/index.yaml. This vulnerability appears to have been fixed in 1.0.0b1. | |||||
CVE-2017-12149 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2018-05-19 | 7.5 HIGH | 9.8 CRITICAL |
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data. | |||||
CVE-2017-11143 | 1 Php | 1 Php | 2018-05-03 | 5.0 MEDIUM | 7.5 HIGH |
In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c. | |||||
CVE-2015-2020 | 1 Myscript | 1 Myscript | 2018-04-24 | 7.5 HIGH | 9.8 CRITICAL |
The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | |||||
CVE-2017-15692 | 1 Apache | 1 Geode | 2018-03-23 | 7.5 HIGH | 9.8 CRITICAL |
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath. | |||||
CVE-2017-15693 | 1 Apache | 1 Geode | 2018-03-23 | 6.0 MEDIUM | 7.5 HIGH |
In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are present on the classpath. | |||||
CVE-2016-8511 | 1 Hp | 1 Network Automation | 2018-03-13 | 7.5 HIGH | 9.8 CRITICAL |
A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found. | |||||
CVE-2017-5790 | 1 Hp | 1 Intelligent Management Center | 2018-03-07 | 10.0 HIGH | 9.8 CRITICAL |
A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found. | |||||
CVE-2018-1000058 | 1 Jenkins | 1 Pipeline Supporting Apis | 2018-03-06 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles. | |||||
CVE-2017-12558 | 1 Hp | 1 Intelligent Management Center | 2018-03-05 | 10.0 HIGH | 9.8 CRITICAL |
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | |||||
CVE-2017-12556 | 1 Hp | 1 Intelligent Management Center | 2018-03-05 | 10.0 HIGH | 9.8 CRITICAL |
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | |||||
CVE-2016-8519 | 1 Hp | 1 Operations Orchestration | 2018-03-05 | 10.0 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found. | |||||
CVE-2018-1000045 | 1 Nasa | 1 Singledop | 2018-03-01 | 6.8 MEDIUM | 7.8 HIGH |
NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data) that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.1. | |||||
CVE-2018-1000046 | 1 Nasa | 1 Pyblock | 2018-03-01 | 6.8 MEDIUM | 7.8 HIGH |
NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.4. | |||||
CVE-2018-1000047 | 1 Nasa | 1 Kodiak | 2018-03-01 | 6.8 MEDIUM | 8.8 HIGH |
NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution. This attack appear to be exploitable via Victim opens an untrusted file for optimization using Kodiak library. | |||||
CVE-2018-1000048 | 1 Nasa | 1 Rtretrievalframework | 2018-03-01 | 6.8 MEDIUM | 8.8 HIGH |
NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution. This attack appear to be exploitable via Victim tries to retrieve and process a weather data file. | |||||
CVE-2017-4947 | 1 Vmware | 2 Vrealize Automation, Vsphere Integrated Containers | 2018-02-27 | 10.0 HIGH | 9.8 CRITICAL |
VMware Realize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance. | |||||
CVE-2017-8967 | 1 Hp | 1 Intelligent Management Center | 2018-02-24 | 9.0 HIGH | 8.8 HIGH |
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | |||||
CVE-2017-8962 | 1 Hp | 1 Intelligent Management Center | 2018-02-24 | 9.0 HIGH | 8.8 HIGH |
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | |||||
CVE-2017-8963 | 1 Hp | 1 Intelligent Management Center | 2018-02-24 | 9.0 HIGH | 8.8 HIGH |
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. |