Total
1487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24034 | 1 Sagemcom | 2 F\@st 5280 Router, F\@st 5280 Router Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, an attacker may alter the user value inside of this cookie, and assume the role and permissions of the user specified. By assuming the role of the user internal, which is inaccessible to end users by default, the attacker gains the permissions of the internal account, which includes the ability to flash custom firmware to the router, allowing the attacker to achieve a complete compromise. | |||||
| CVE-2020-23653 | 1 Thinkadmin | 1 Thinkadmin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution. | |||||
| CVE-2020-23621 | 1 Squire-technologies | 1 Svi Ms Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object. | |||||
| CVE-2020-23620 | 1 Orlansoft | 1 Orlansoft Erp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object. | |||||
| CVE-2020-22083 | 1 Jsonpickle Project | 1 Jsonpickle | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used with un-trusted data | |||||
| CVE-2020-20136 | 1 Quantconnect | 1 Lean | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library. | |||||
| CVE-2020-1964 | 1 Apache | 1 Heron | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities (CWE-502: Deserialization of Untrusted Data). | |||||
| CVE-2020-1948 | 1 Apache | 1 Dubbo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. An attacker can send RPC requests with unrecognized service name or method name along with some malicious parameter payloads. When the malicious parameter is deserialized, it will execute some malicious code. More details can be found below. | |||||
| CVE-2020-1947 | 1 Apache | 1 Shardingsphere | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security flaws of RCE. | |||||
| CVE-2020-1439 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'. | |||||
| CVE-2020-19559 | 1 Dieboldnixdorf | 1 Agilis Xfs For Opteva | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter. | |||||
| CVE-2020-19229 | 1 Jeesite | 1 Jeesite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter. | |||||
| CVE-2020-17532 | 1 Apache | 1 Java Chassis | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
| When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5 | |||||
| CVE-2020-17531 | 1 Apache | 1 Tapestry | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to address this issue will be released. Apache Tapestry 5 versions are not vulnerable to this issue. Users of Apache Tapestry 4 should upgrade to the latest Apache Tapestry 5 version. | |||||
| CVE-2020-17405 | 1 Senstar | 1 Symphony | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSOAuth process. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10980. | |||||
| CVE-2020-17144 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 6.0 MEDIUM | 8.4 HIGH |
| Microsoft Exchange Remote Code Execution Vulnerability | |||||
| CVE-2020-15842 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization. | |||||
| CVE-2020-15777 | 1 Gradle | 1 Maven | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. The extension uses a socket connection to send serialized Java objects. Deserialization is not restricted to an allow-list, thus allowing an attacker to achieve code execution via a malicious deserialization gadget chain. The socket is not bound exclusively to localhost. The port this socket is assigned to is randomly selected and is not intentionally exposed to the public (either by design or documentation). This could potentially be used to achieve remote code execution and local privilege escalation. | |||||
| CVE-2020-15244 | 1 Openmage | 1 Magento | 2024-11-21 | 6.5 MEDIUM | 8.0 HIGH |
| In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4. | |||||
| CVE-2020-15188 | 1 Brassica | 1 Soy Cms | 2024-11-21 | 6.8 MEDIUM | 10.0 CRITICAL |
| SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328. | |||||