4222 matches found
USN-4714-1: XStream vulnerabilities
Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. (CVE-2020-26217) It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could...
Security Bulletin: A vulnerability in IBM Java affects IBM Decision Optimization Center (CVE-2020-14779)
Summary: There is a vulnerability in IBM® Java™ versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2020-14779. DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization...
Aca Assurex Rentes Code Issue Vulnerability
Aca Assurex Rentes is a SaaS service for the management of all types of funds from the French company Aca. The service covers the entire lifecycle of an annuity contract: liquidation, calculation simulation, pricing, arrears calculation, payments, revaluation, justification, calculation of...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Summary: Java SE issues disclosed in the Oracle October 2020 Critical Patch Update minus CVE-2020-14781 and CVE-2020-14782. CVE-2020-14781 and CVE-2020-14782 will be covered by additional bulletins. Vulnerability Details: CVEID: CVE-2020-14792. DESCRIPTION: An unspecified vulnerability in Java SE...
FasterXML jackson-databind code issue vulnerability (CNVD-2021-06524)
FasterXML jackson-databind is a Java-based library that converts between Java objects and data formats such as XML and JSON. Jackson can easily convert Java objects into JSON objects and XML documents, and can likewise convert JSON and XML into Java objects. A code issue vulnerability exists in...
Security Bulletin: Security vulnerabilities in Java SE affects Rational Build Forge
Summary: Java SE that is used by IBM Rational Build Forge has security vulnerabilities. IBM Rational Build Forge has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2020-14792. DESCRIPTION: An unspecified vulnerability in Java SE related to the Hotspot component could allow an...
[SECURITY] Fedora 33 Update: PyYAML-5.4.1-1.fc33
YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF
Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2020-14797. DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow...
A vulnerability in the compiler of the protobuf serialization library allows an attacker to execute arbitrary code
The vulnerability in the protobuf serialization library compiler is related to an error in the processing of integer variables. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Deserialization of untrusted data in jackson-databind
A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2021-1078)
According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are...
DEBIAN-CVE-2021-20190
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2021-20190
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
Design/Logic Flaw
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
UBUNTU-CVE-2021-20190
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...