Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

4221 matches found

OSV
OSVadded 2020/08/11 5:21 p.m.45 views

GHSA-HXCC-F52P-WC94 Insecure serialization leading to RCE in serialize-javascript

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". An object such as "foo": /1"/, "bar": "a"@R--0@" was serialized as "foo": /1"/, "bar": "a/1"/, which allows an attacker to escape the bar key. This requires...

8.1CVSS8AI score0.02901EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2020/08/11 5:21 p.m.346 views

Insecure serialization leading to RCE in serialize-javascript

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". An object such as "foo": /1"/, "bar": "a"@R--0@" was serialized as "foo": /1"/, "bar": "a/1"/, which allows an attacker to escape the bar key. This requires...

8.1CVSS4.3AI score0.02901EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessusadded 2020/08/07 12:0 a.m.279 views

SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:2143-1)

This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.8+10 July 2020 CPU, bsc1174157 - Security fixes : + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming +...

8.3CVSS6.6AI score0.01018EPSS
Exploits0References18
IBM Security Bulletins
IBM Security Bulletinsadded 2020/08/06 2:23 p.m.33 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID: CVE-2020-2805...

8.3CVSS0.7AI score0.02622EPSS
Exploits0Affected Software1
OSV
OSVadded 2020/08/05 2:53 p.m.40 views

GHSA-86QR-9VQC-PGC6 Code execution in Spring Integration

Spring Integration framework provides Kryo Codec implementations as an alternative for Java deserialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...

9.8CVSS9.4AI score0.01768EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletinsadded 2020/08/04 5:26 a.m.39 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by IBM Integration Bus & IBM App Connect Enterprise v11. These issues were disclosed as part of the IBM Java SDK updates in April 2020. Vulnerability Details CVEID: CVE-2020-2800 DESCRIPTION: An unspecified...

5.8CVSS1.7AI score0.00535EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVEadded 2020/07/31 7:43 p.m.29 views

CVE-2020-5411

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means...

6.8CVSS3AI score0.00805EPSS
Exploits0References3
Cvelist
Cvelistadded 2020/07/31 7:40 p.m.16 views

CVE-2020-5413 Kryo Configuration Allows Code Execution with Unknown "Serialization Gadgets"

Spring Integration framework provides Kryo Codec implementations as an alternative for Java deserialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...

9.5AI score0.01768EPSS
Exploits0References5
RedHat Linux
RedHat Linuxadded 2020/07/30 8:22 p.m.3 views

jackson-databind: Serialization gadgets in javax.swing.JEditorPane

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality...

8.8CVSS7.1AI score0.01035EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2020/07/30 8:22 p.m.2 views

jackson-databind: Serialization gadgets in anteros-core

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS7.1AI score0.62015EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2020/07/30 8:22 p.m.1 views

jackson-databind: Serialization gadgets in shaded-hikari-config

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS7.1AI score0.0239EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2020/07/30 8:22 p.m.3 views

jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider

A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.1AI score0.03824EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2020/07/30 8:22 p.m.2 views

jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1CVSS7.1AI score0.09872EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2020/07/30 8:22 p.m.1 views

jackson-databind: Serialization gadgets in ibatis-sqlmap

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS7.1AI score0.38262EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2020/07/30 8:22 p.m.2 views

jackson-databind: Serialization gadgets in org.springframework:spring-aop

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1CVSS7.1AI score0.01367EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2020/07/30 8:22 p.m.2 views

jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1CVSS7.1AI score0.08934EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2020/07/29 6:21 a.m.1 views

jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.1AI score0.06772EPSS
Exploits0References5
RedHat Linux
RedHat Linuxadded 2020/07/29 6:21 a.m.1 views

jackson-databind: Serialization gadgets in commons-jelly:commons-jelly

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1CVSS7.1AI score0.02182EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2020/07/29 6:21 a.m.2 views

jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1CVSS7.1AI score0.08934EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2020/07/29 6:21 a.m.3 views

jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.1AI score0.20898EPSS
Exploits0References4
Rows per page
Query Builder