513 matches found
CVE-2017-12628
The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation...
VMware vSphere Data Protection (VDP) Multiple Vulnerabilities
VMware vSphere Data Protection VDP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PT-2019-5314
Name of the Vulnerable Software and Affected Versions Log4j versions 1.2 up to 1.2.17 Description The issue is related to the deserialization of untrusted data in the SocketServer class of Log4j 1.2, which can be exploited to remotely execute arbitrary code when combined with a deserialization...
Moderate: Red Hat Security Advisory: Red Hat JBoss BPM Suite security update
An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
CVE-2017-4914
VMware vSphere Data Protection VDP 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance...
CVE-2017-4914
CVE-2017-4914 affects VMware vSphere Data Protection (VDP) 5.5.x, 5.8.x, 6.0.x, and 6.1.x. The root cause is Java deserialization leading to arbitrary code execution on the appliance when processing crafted input (remote attacker). In the OpenVAS/Nessus entries, this is described as multiple vuln...
UBUNTU-CVE-2017-8829
Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file...
Error When Adding New Provisioned Machines to the Machine Catalog in Studio
Error when adding new provisioned servers to the machine catalog - Error stated the following: "The formatter threw an exception while trying to deserialize the message: There was an error while trying to deserialize parameter http://tempuri.org/:records. The InnerException message was 'Invalid...
UBUNTU-CVE-2016-5772
Double free vulnerability in the phpwddxprocessdata function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted XML data that is...
PT-2016-3367
Name of the Vulnerable Software and Affected Versions Pivotal Spring Framework versions prior to 6.0.0 Pivotal Spring Framework versions 4.2.6 and 3.2.17 Pivotal Spring Framework versions 5.3.0 through 5.3.16 Description The issue is related to the implementation of the readRemoteInvocation metho...
OpenJDK: URL deserialization inconsistencies (Networking, 8059054)
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking...
OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732...
CVE-2011-4104
The fromyaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method...