Lucene search
K

1730 matches found

Check Point Advisories
Check Point Advisories
added 2016/12/18 12:0 a.m.29 views

HPE Network Automation RPCServlet Insecure Deserialization (CVE-2016-8511)

An insecure deserialization vulnerability has been reported in the RPCServlet of HPE Network Automation. The vulnerability is due to the deserialization of untrusted data. A remote attacker can exploit this vulnerability sending a request with crafted serialized data to the exposed RPCServlet...

7.5CVSS3.5AI score0.15618EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/10/17 12:0 a.m.17 views

Magento Community Edition 2.x < 2.0.6 Multiple Vulnerabilities

Binary data 9694.prm...

7.3AI score
Exploits0References1
OpenVAS
OpenVAS
added 2016/09/01 12:0 a.m.26 views

McAfee ePolicy Orchestrator Arbitrary Code Execution Vulnerability (Sep 2016)

McAfee ePolicy Orchestrator is prone to an arbitrary code execution vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.3CVSS8.7AI score0.02718EPSS
Exploits0References2
Check Point Advisories
Check Point Advisories
added 2016/08/14 12:0 a.m.14 views

Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization (CVE-2013-2186)

An insecure deserialization vulnerability has been reported in Oracle WebLogic Server. This vulnerability is due to deseralization of untrusted data while having the vulnerable version of Apache-Commons-FileUpload library in the code path. A remote, unauthenticated attacker can exploit this...

7.5CVSS4.7AI score0.12768EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/08/10 12:0 a.m.29 views

Solarwinds Virtualization Manager Apache Commons Collections Insecure Deserialization (CVE-2016-3642)

An insecure deserialization vulnerability has been reported in Solarwinds Virtualization Manager. This vulnerability is due to the inclusion of the vulnerable version of Apache Commons Collections library in the classpath combined with insecure deserialization. A remote, unauthenticated attacker...

10CVSS9.4AI score0.13268EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2016/07/18 1:51 p.m.12 views

JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix

The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 does not properly deserialize classes in an AccessController...

9.3CVSS7.8AI score0.06028EPSS
Exploits0References5
Check Point Advisories
Check Point Advisories
added 2016/05/26 12:0 a.m.13 views

Jenkins CI Server XStream Insecure Deserialization (CVE-2016-0792)

An insecure deserialization vulnerability has been reported in Jenkins CI Server. This vulnerability is due to the inclusion of the Groovy library in the classpath combined with the insecure deserialization employing the XStream library. A remote, unauthenticated attacker can exploit this...

9CVSS3.5AI score0.82697EPSS
Exploits23
Tenable Nessus
Tenable Nessus
added 2016/05/25 12:0 a.m.47 views

SUSE SLES10 Security Update : IBM Java 1.6.0 (SUSE-SU-2016:1388-1)

This IBM Java 1.6.0 SR16 FP25 release fixes the following issues : Security issues fixed : CVE-2016-0264: buffer overflow vulnerability in the IBM JVM bsc977648 CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix bsc977650 CVE-2016-0376: insecure...

10CVSS7.3AI score0.92334EPSS
Exploits1References28
OSV
OSV
added 2016/05/20 9:6 p.m.11 views

SUSE-SU-2016:1379-1 Security update for java-1_6_0-ibm

This IBM Java 1.6.0 SR16 FP25 release fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM bsc977648 - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix bsc977650 - CVE-2016-0376: insecure...

10CVSS7.1AI score0.92334EPSS
Exploits1References15
CERT
CERT
added 2016/05/17 12:0 a.m.45 views

Chef Manage deserializes cookie data insecurely

Overview Chef Manage add-on, version 1.11.4 and earlier, deserializes cookie data insecurely, which may be leveraged to gain unauthenticated remote code execution. Description CWE-502: Deserialization of Untrusted Data - CVE-2016-4326Chef with the Chef Manage previously known as 'opscode-manage'...

9.8CVSS10AI score0.04194EPSS
Exploits0References3
OSV
OSV
added 2016/05/13 10:22 a.m.9 views

SUSE-SU-2016:1300-1 Security update for java-1_7_1-ibm

This IBM Java 1.7.1 SR3 FP40 relese fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM bsc977648 - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix bsc977650 - CVE-2016-0376: insecure...

10CVSS7.1AI score0.92334EPSS
Exploits1References15
OSV
OSV
added 2016/05/13 10:21 a.m.6 views

SUSE-SU-2016:1299-1 Security update for java-1_7_1-ibm

This IBM Java 1.7.1 SR3 FP40 release fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM bsc977648 - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix bsc977650 - CVE-2016-0376: insecure...

10CVSS7.1AI score0.92334EPSS
Exploits1References15
RedHat Linux
RedHat Linux
added 2016/05/11 2:9 p.m.6 views

JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix

The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 does not properly deserialize classes in an AccessController...

9.3CVSS7.8AI score0.06028EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2016/05/04 12:0 a.m.50 views

RHEL 7 : java-1.8.0-ibm (RHSA-2016:0716)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0716 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...

10CVSS7.2AI score0.92334EPSS
Exploits1References24
RedHat Linux
RedHat Linux
added 2016/04/29 5:50 p.m.9 views

JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix

The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 does not properly deserialize classes in an AccessController...

9.3CVSS7.8AI score0.06028EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/04/29 5:50 p.m.7 views

JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix

The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 does not properly deserialize classes in an AccessController...

9.3CVSS7.8AI score0.06028EPSS
Exploits0References5
Check Point Advisories
Check Point Advisories
added 2015/12/21 12:0 a.m.46 views

Jenkins CI Server Commons-Collections Library Insecure Deserialization (CVE-2015-8103)

An insecure deserialization vulnerability has been reported in Jenkins CI Server. This vulnerability is due to deserialization of untrusted data while having the vulnerable version of Apache Commons-Collections library in the code path...

7.5CVSS4.3AI score0.86829EPSS
Exploits12
CERT
CERT
added 2015/11/13 12:0 a.m.424 views

Apache Commons Collections Java library insecurely deserializes data

Overview The Apache Commons Collections ACC library is vulnerable to insecure deserialization of data, which may result in arbitrary code execution. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution. Description CWE-50...

9.8CVSS8.8AI score0.18763EPSS
Exploits1References18
RedHat Linux
RedHat Linux
added 2015/10/12 3:27 p.m.7 views

XStream: remote code execution due to insecure XML deserialization

It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream...

9.8CVSS8AI score0.84362EPSS
Exploits5References7
RedHat Linux
RedHat Linux
added 2015/05/14 3:14 p.m.4 views

XStream: remote code execution due to insecure XML deserialization

It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream...

9.8CVSS8AI score0.84362EPSS
Exploits5References7
Rows per page
Query Builder