CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

768 matches found

Tenable Nessus•added 2022/12/23 12:0 a.m.•37 views

Fedora 36 : scala (2022-34acf878fb)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-34acf878fb advisory. Security fix for CVE-2022-36944. See https://github.com/scala/scala/releases/tag/v2.13.9 for other changes in scala 2.13.9. Tenable has extracted th...

9.8CVSS7.4AI score0.67806EPSS

Exploits1References2

Tenable Nessus•added 2022/12/23 12:0 a.m.•30 views

Fedora 35 : scala (2022-07dd9375b2)

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-07dd9375b2 advisory. Security fix for CVE-2022-36944. See https://github.com/scala/scala/releases/tag/v2.13.9 for other changes in scala 2.13.9. Tenable has extracted th...

9.8CVSS7.4AI score0.67806EPSS

Exploits1References2

RedHat Linux•added 2022/12/13 1:20 p.m.•2 views

mina-sshd: Java unsafe deserialization vulnerability

A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server...

9.8CVSS6.8AI score0.05991EPSS

Exploits1References5

RedhatCVE•added 2022/11/23 1:56 p.m.•55 views

CVE-2022-45047

9.8CVSS9.2AI score0.05991EPSS

Exploits1References4

Github Security Blog•added 2022/11/16 12:0 p.m.•47 views

Unsafe deserialization in Apache MINA SSHD

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys ...

9.8CVSS9AI score0.05991EPSS

Exploits1References6Affected Software2

NVD•added 2022/11/16 9:15 a.m.•28 views

CVE-2022-45047

9.8CVSS0.05991EPSS

Exploits1References2

OSV•added 2022/11/16 9:15 a.m.•48 views

CVE-2022-45047

9.8CVSS9.4AI score

Exploits0References2

CVE•added 2022/11/16 12:0 a.m.•486 views

CVE-2022-45047

CVE-2022-45047 affects Apache MINA SSHD (SSHD) where SimpleGeneratorHostKeyProvider uses Java deserialization to load a PrivateKey, enabling remote authenticated code execution via unsafe deserialization. The issue is in MINA SSHD

9.8CVSS9.4AI score0.05991EPSS

Exploits1References2Affected Software1

Debian CVE•added 2022/11/16 12:0 a.m.•17 views

CVE-2022-45047

9.8CVSS6.6AI score0.05991EPSS

Exploits1

Kitploit•added 2022/10/30 11:30 a.m.•30 views

Ermir - An Evil Java RMI Registry

Ermir is an Evil/Rogue RMI Registry, it exploits unsecure deserialization on any Java code calling standard RMI methods on it list/lookup/bind/rebind/unbind. Requirements Ruby v3 or newer. Installation Install Ermir from rubygems.org: $ gem install ermir or clone the repo and build the gem: $ git...

7.8AI score

Exploits0References9

Talos•added 2022/10/10 12:0 a.m.•130 views

VMware vCenter Server Platform Services Controller Unsafe Deserialization vulnerability

Talos Vulnerability Report TALOS-2022-1587 VMware vCenter Server Platform Services Controller Unsafe Deserialization vulnerability October 10, 2022 CVE Number CVE-2022-31680 SUMMARY An unsafe deserialization vulnerability exists in the Platform Services Controller functionality of VMware vCenter...

9.1CVSS9.6AI score0.03363EPSS

Exploits1

Github Security Blog•added 2022/09/25 12:0 a.m.•45 views

Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization

Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with LazyList object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make netwo...

9.8CVSS9.3AI score0.67806EPSS

Exploits1References9Affected Software1

NVD•added 2022/09/23 6:15 p.m.•22 views

CVE-2022-36944

Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network...

9.8CVSS0.67806EPSS

Exploits1References6

OSV•added 2022/09/23 6:15 p.m.•27 views

CVE-2022-36944

9.8CVSS9.6AI score0.67806EPSS

Exploits1References6

UbuntuCve•added 2022/09/23 6:15 p.m.•49 views

CVE-2022-36944

9.8CVSS7AI score0.67806EPSS

Exploits1References3

OSV•added 2022/09/23 6:15 p.m.•1 views

UBUNTU-CVE-2022-36944

9.8CVSS6.9AI score0.67806EPSS

Exploits1References4

Prion•added 2022/09/23 6:15 p.m.•29 views

Deserialization of untrusted data

7.5CVSS9.5AI score0.67806EPSS

Exploits1References6Affected Software3

Vulnrichment•added 2022/09/23 12:0 a.m.•9 views

CVE-2022-36944

7.4AI score0.67806EPSS

Exploits1References6

CNNVD•added 2022/09/23 12:0 a.m.•2 views

Scala 代码问题漏洞

Scala is a Scala 2 compiler and standard library open-sourced by Scala. Scala version 2.13.x prior to 2.13.9 suffers from a code issue vulnerability that stems from a Java deserialization chain in a JAR file, which cannot be exploited and is at risk along with the deserialization of LazyList...

9.8CVSS7.8AI score0.67806EPSS

Exploits1References11

Cvelist•added 2022/09/23 12:0 a.m.•19 views

CVE-2022-36944

9.8AI score0.67806EPSS

Exploits1References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by