Total
934 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-8964 | 1 Hp | 1 Intelligent Management Center | 2018-02-24 | 9.0 HIGH | 8.8 HIGH |
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | |||||
CVE-2017-8965 | 1 Hp | 1 Intelligent Management Center | 2018-02-24 | 9.0 HIGH | 8.8 HIGH |
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | |||||
CVE-2017-8966 | 1 Hp | 1 Intelligent Management Center | 2018-02-24 | 9.0 HIGH | 8.8 HIGH |
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | |||||
CVE-2017-5792 | 1 Hp | 1 Intelligent Management Center | 2018-02-24 | 7.5 HIGH | 9.8 CRITICAL |
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | |||||
CVE-2016-4385 | 1 Hp | 1 Network Automation | 2018-02-16 | 7.5 HIGH | 7.3 HIGH |
The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries. | |||||
CVE-2017-1000355 | 1 Jenkins | 1 Jenkins | 2018-02-15 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void. | |||||
CVE-2017-15703 | 1 Apache | 1 Nifi | 2018-02-12 | 3.5 LOW | 5.0 MEDIUM |
Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | |||||
CVE-2016-7124 | 1 Php | 1 Php | 2018-01-04 | 7.5 HIGH | 9.8 CRITICAL |
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call. | |||||
CVE-2017-17672 | 1 Vbulletin | 1 Vbulletin | 2018-01-02 | 7.5 HIGH | 9.8 CRITICAL |
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates. | |||||
CVE-2017-8045 | 1 Pivotal Software | 1 Spring Advanced Message Queuing Protocol | 2017-12-12 | 7.5 HIGH | 9.8 CRITICAL |
In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack. | |||||
CVE-2017-1000248 | 1 Redis-store | 1 Redis-store | 2017-12-04 | 7.5 HIGH | 9.8 CRITICAL |
Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis | |||||
CVE-2017-12796 | 1 Openmrs | 1 Openmrs | 2017-11-21 | 10.0 HIGH | 9.8 CRITICAL |
The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system commands by crafting malicious XML payloads, as demonstrated by a single admin/reports/reportSchemaXml.form request. | |||||
CVE-2017-12628 | 1 Apache | 1 James Server | 2017-11-08 | 7.2 HIGH | 7.8 HIGH |
The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation. Release 3.0.1 upgrades the incriminated library. | |||||
CVE-2015-5164 | 2 Pulpproject, Redhat | 2 Qpid, Satellite | 2017-11-08 | 9.0 HIGH | 7.2 HIGH |
The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp. | |||||
CVE-2017-10932 | 1 Zte | 12 Nr8000tr, Nr8000tr Firmware, Nr8120 and 9 more | 2017-10-11 | 10.0 HIGH | 9.8 CRITICAL |
All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host. | |||||
CVE-2016-8744 | 1 Apache | 1 Brooklyn | 2017-09-29 | 9.0 HIGH | 8.8 HIGH |
Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the classpath. This could provide an authenticated user with a means to cause the JVM running Brooklyn to load and run Java code without detection by Brooklyn. Such code would have the privileges of the Java process running Brooklyn, including the ability to open files and network connections, and execute system commands. There is known to be a proof-of-concept exploit using this vulnerability. | |||||
CVE-2017-12612 | 1 Apache | 1 Spark | 2017-09-26 | 7.2 HIGH | 7.8 HIGH |
In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine. It does not affect apps run by spark-submit or spark-shell. The attacker would be able to execute code as the user that ran the Spark application. Users are encouraged to update to version 2.2.0 or later. | |||||
CVE-2017-2292 | 1 Puppet | 1 Mcollective | 2017-09-05 | 7.5 HIGH | 9.0 CRITICAL |
Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior. | |||||
CVE-2017-14035 | 1 Crushftp | 1 Crushftp | 2017-09-01 | 7.5 HIGH | 9.8 CRITICAL |
CrushFTP 8.x before 8.2.0 has a serialization vulnerability. | |||||
CVE-2017-4914 | 1 Vmware | 1 Vsphere Data Protection | 2017-08-12 | 7.5 HIGH | 9.8 CRITICAL |
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance. |