Total
1397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28211 | 2024-08-05 | N/A | 9.8 CRITICAL | ||
| nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker. | |||||
| CVE-2017-8804 | 1 Gnu | 1 Glibc | 2024-08-05 | 7.8 HIGH | 7.5 HIGH |
| The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references | |||||
| CVE-2018-18013 | 1 Citrix | 1 Xenmobile Server | 2024-08-05 | 7.2 HIGH | 7.8 HIGH |
| * Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost. | |||||
| CVE-2019-12760 | 1 Parso Project | 1 Parso | 2024-08-05 | 6.0 MEDIUM | 3.3 LOW |
| A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution. NOTE: This is disputed because "the cache directory is not under control of the attacker in any common configuration. | |||||
| CVE-2019-9212 | 1 Antfin | 1 Sofa-hessian | 2024-08-04 | 7.5 HIGH | 9.8 CRITICAL |
| SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t consider this issue a vulnerability because the blacklist is being misused. SOFA Hessian supports custom blacklist and a disclaimer was posted encouraging users to update the blacklist or to use the whitelist feature for their specific needs since the blacklist is not being actively updated | |||||
| CVE-2019-6446 | 2 Fedoraproject, Numpy | 2 Fedora, Numpy | 2024-08-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources | |||||
| CVE-2020-29312 | 1 Zend | 1 Zend Framework | 2024-08-04 | N/A | 9.8 CRITICAL |
| An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 2020. | |||||
| CVE-2020-27583 | 1 Ibm | 1 Infosphere Information Server | 2024-08-04 | 7.5 HIGH | 9.8 CRITICAL |
| IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2020-22083 | 1 Jsonpickle Project | 1 Jsonpickle | 2024-08-04 | 7.5 HIGH | 9.8 CRITICAL |
| jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used with un-trusted data | |||||
| CVE-2020-14933 | 1 Squirrelmail | 1 Squirrelmail | 2024-08-04 | 6.5 MEDIUM | 8.8 HIGH |
| compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup or __destruct), and any attack-relevant classes must be declared before unserialize is called (or must be autoloaded). | |||||
| CVE-2020-13092 | 1 Scikit-learn | 1 Scikit-learn | 2024-08-04 | 7.5 HIGH | 9.8 CRITICAL |
| scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner | |||||
| CVE-2020-13091 | 1 Numfocus | 1 Pandas | 2024-08-04 | 7.5 HIGH | 9.8 CRITICAL |
| pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the read_pickle() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner | |||||
| CVE-2021-35196 | 1 Theologeek | 1 Manuskript | 2024-08-04 | 6.8 MEDIUM | 7.8 HIGH |
| Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an untrusted project file | |||||
| CVE-2021-33026 | 1 Flask-caching Project | 1 Flask-caching | 2024-08-04 | 7.5 HIGH | 9.8 CRITICAL |
| The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code. NOTE: a third party indicates that exploitation is extremely unlikely unless the machine is already compromised; in other cases, the attacker would be unable to write their payload to the cache and generate the required collision | |||||
| CVE-2021-3007 | 2 Getlaminas, Zend | 2 Laminas-http, Zend Framework | 2024-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer supported by the maintainer. NOTE: the laminas-http vendor considers this a "vulnerability in the PHP language itself" but has added certain type checking as a way to prevent exploitation in (unrecommended) use cases where attacker-supplied data can be deserialized | |||||
| CVE-2022-46366 | 1 Apache | 1 Tapestry | 2024-08-03 | N/A | 9.8 CRITICAL |
| Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies the the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry. | |||||
| CVE-2022-45136 | 1 Apache | 1 Jena Sdb | 2024-08-03 | N/A | 9.8 CRITICAL |
| Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a result an application using Apache Jena SDB can be subject to RCE when connected to a malicious database server. Apache Jena SDB has been EOL since December 2020 and users should migrate to alternative options e.g. Apache Jena TDB 2. | |||||
| CVE-2022-38652 | 1 Vmware | 1 Hyperic Agent | 2024-08-03 | N/A | 9.9 CRITICAL |
| A remote insecure deserialization vulnerability exixsts in VMWare Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent process (often SYSTEM on Windows platforms). NOTE: prior exploitation of CVE-2022-38650 results in the disclosure of the authentication material required to exploit this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-38650 | 1 Vmware | 1 Hyperic Server | 2024-08-03 | N/A | 10.0 CRITICAL |
| A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-28500 | 1 Adobe | 1 Livecycle Es4 | 2024-08-02 | N/A | 9.8 CRITICAL |
| A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. Adobe LiveCycle ES4 version 11.0.1 and later may be vulnerable if the application is installed with Java environment 7u21 and earlier. Exploitation of the vulnerability depends on two factors: insecure deserialization methods used in the Adobe LiveCycle application, and the use of Java environments 7u21 and earlier. The code execution is performed in the context of the account that is running the Adobe LiveCycle application. If the account is privileged, exploitation provides privileged access to the operating system. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||