Security Bulletin: IBM MQ is vulnerable to an issue in IBM® Runtime Environment Java™ Technology Edition. (CVE-2020-14779)
Summary: An issue was identified within IBM® Runtime Environment Java™ Technology Edition that is shipped with and used by IBM MQ. Vulnerability Details: CVEID: CVE-2020-14779. DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated...
Insecure deserialization in Wire
Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. For example, using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end, and by doing so allow the serializer to create any...
Command Execution Vulnerability in XStream
XStream is an open source Java class library, mainly used to serialize objects into XML/JSON or deserialize objects. A command execution vulnerability exists in XStream. An attacker could exploit the vulnerability to execute arbitrary code in the context of an affected application run by ...
CVE-2021-33026
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage e.g., filesystem, Memcached, Redis, etc., they can construct a crafted payload, poison the...
DEBIAN-CVE-2021-33026
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage e.g., filesystem, Memcached, Redis, etc., they can construct a crafted payload, poison the...
Remote code execution
DISPUTED The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage e.g., filesystem, Memcached, Redis, etc., they can construct a crafted payload,...
PYSEC-2021-13
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage e.g., filesystem, Memcached, Redis, etc., they can construct a crafted payload, poison the...
UBUNTU-CVE-2021-33026
DISPUTED The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage e.g., filesystem, Memcached, Redis, etc., they can construct a crafted payload,...
CVE-2021-33026
The CVE-2021-33026 entry concerns Flask-Caching up to 1.10.1 which uses Pickle for serialization. If an attacker can access cache storage (filesystem, Memcached, Redis, etc.), they can craft a payload to poison the cache and execute Python code (remote code execution/local privilege escalation). ...
py-flask-caching -- remote code execution or local privilege escalation vulnerabilities
subnix reports: The Flask-Caching extension through 2.0.2 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage e.g., filesystem, Memcached, Redis, etc., they can construct a crafted payloa...
Pallets Project Flask Code Issue Vulnerability
Pallets Project Flask is a lightweight WSGI (Web Server Gateway Interface) application framework from the Pallets Project. A code issue vulnerability exists in Flask version 1.10.1. The vulnerability stems from program extensions relying on Pickle for serialization, which could lead to remote code...
Insecure Deserialization
wire allows insecure deserialization. The way type information is handled in its serialization format allows an attacker to pass malicious payloads with a different type for the receiving end to the deserializer and potentially cause unexpected application behavior...
Ubuntu 18.04 LTS / 20.04 LTS : XStream vulnerabilities (USN-4943-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4943-1 advisory. Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by...
Apache OFBiz Insecure Deserialization (CVE-2021-26295)
An insecure deserialization vulnerability exists in Apache OFBiz. This vulnerability is due to Java serialization issues when processing requests. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted request...