Vulnerabilities (CVE)

Filtered by CWE-502
Total 1452 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-27852 1 Checkbox 1 Survey 2024-07-03 7.5 HIGH 9.8 CRITICAL
Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. This issue affects: Checkbox Survey versions prior to 7.
CVE-2024-34274 2024-07-03 N/A 3.9 LOW
OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies bdglobals and bdclient_spot of the OpenBD software uses serialized data, which can be used to execute arbitrary code on the system. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-29212 2024-07-03 N/A 9.9 CRITICAL
Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
CVE-2024-24302 2024-07-03 N/A 9.8 CRITICAL
An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess() method.
CVE-2020-36184 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2024-07-03 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
CVE-2020-36182 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2024-07-03 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36181 4 Debian, Fasterxml, Netapp and 1 more 44 Debian Linux, Jackson-databind, Service Level Manager and 41 more 2024-07-03 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36180 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2024-07-03 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36179 4 Debian, Fasterxml, Netapp and 1 more 43 Debian Linux, Jackson-databind, Cloud Backup and 40 more 2024-07-03 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2020-11113 4 Debian, Fasterxml, Netapp and 1 more 32 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 29 more 2024-07-03 6.8 MEDIUM 8.8 HIGH
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
CVE-2020-11112 4 Debian, Fasterxml, Netapp and 1 more 31 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 28 more 2024-07-03 6.8 MEDIUM 8.8 HIGH
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
CVE-2020-11111 4 Debian, Fasterxml, Netapp and 1 more 25 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 22 more 2024-07-03 6.8 MEDIUM 8.8 HIGH
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
CVE-2020-10969 4 Debian, Fasterxml, Netapp and 1 more 31 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 28 more 2024-07-03 6.8 MEDIUM 8.8 HIGH
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
CVE-2020-10968 4 Debian, Fasterxml, Netapp and 1 more 31 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 28 more 2024-07-03 6.8 MEDIUM 8.8 HIGH
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
CVE-2020-10673 4 Debian, Fasterxml, Netapp and 1 more 31 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 28 more 2024-07-03 6.8 MEDIUM 8.8 HIGH
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
CVE-2020-10672 4 Debian, Fasterxml, Netapp and 1 more 31 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 28 more 2024-07-03 6.8 MEDIUM 8.8 HIGH
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
CVE-2024-6441 2024-07-02 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in ORIPA up to 1.72. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/oripa/persistence/doc/loader/LoaderXML.java. The manipulation leads to deserialization. The attack can be launched remotely. Upgrading to version 1.80 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-270169 was assigned to this vulnerability.
CVE-2024-29040 2024-07-01 N/A 4.3 MEDIUM
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0.
CVE-2021-31010 1 Apple 5 Ipados, Iphone Os, Mac Os X and 2 more 2024-06-28 5.0 MEDIUM 7.5 HIGH
A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release..
CVE-2022-41082 1 Microsoft 1 Exchange Server 2024-06-28 N/A 8.0 HIGH
Microsoft Exchange Server Remote Code Execution Vulnerability