Siemens SINEC NMS code issue vulnerability

SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks. a code issue vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1. The vulnerability stems from the fact that the affected system allows the upload of JSON objects deserialized t...

CVE-2021-33728

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this...

Deserialization of untrusted data

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this...

CVE-2021-33728

Summary of advisory for CVE-2021-33728 (Siemens SINEC NMS) Affected product: Siemens SINEC NMS (all versions

CVE-2021-41588

In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys...

CVE-2021-41588

In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys...

Deserialization of untrusted data

In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys...

Deserialization of Untrusted Data in Neo4j

Neo4j through 3.4.18 with the shell server enabled exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...

CVE-2021-21677

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability...

CVE-2021-21677

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability...

CVE-2021-34371

Neo4j through 3.4.18 with the shell server enabled exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...

Remote code execution

Neo4j through 3.4.18 with the shell server enabled exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...

CVE-2021-34371

Neo4j through 3.4.18 with the shell server enabled exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...

Neo4j 代码问题漏洞

Neo4j is a Java-based and fully ACID-compatible graphical database from Neo4j, Inc. that supports data migration, add-ons, and more. A code issue vulnerability exists in neo4j that originates from an RMI service that arbitrarily deserializes Java objects. An attacker exploiting this vulnerability...

XStream Code Execution Vulnerability (CNVD-2021-28328)

XStream is a simple Java-based library , Java objects serialized to xml and vice versa i.e. : Java objects and xml documents can easily be converted to each other . A code execution vulnerability exists in XStream, which can be exploited by an attacker to manipulate the processed input stream and...

Aca Assurex Rentes Code Issue Vulnerability

Aca Assurex Rentes is a Saas service for the management of all types of funds from the French company Aca. The service covers the entire lifecycle of an annuity contract: liquidation, calculation simulation, pricing, arrears calculation, payments, revaluation, justification, calculation of...

Cisco Security Manager Input Validation Error Vulnerability

Cisco Security Manager CSM is a suite of enterprise-level management applications from Cisco that are used to configure firewall, VPN, and intrusion protection security services on Cisco network and security devices. A security vulnerability exists in Cisco Security Manager that stems from affect...

Cisco Security Manager 代码问题漏洞

Cisco Security Manager CSM is a suite of enterprise-level management applications from Cisco that are used to configure firewall, VPN, and intrusion protection security services on Cisco network and security devices. A security vulnerability exists in Cisco Security Manager that stems from affect...

CVE-2020-15252

In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right EDIT right before XWiki 7.4 can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. This is...

Design/Logic Flaw

In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right EDIT right before XWiki 7.4 can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. This is...