
353 matches found

OSV
added 2019/03/14 8:29 p.m. · 1 views

CVE-2018-12191

Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrar...

7.6 CVSS · 6 AI score
Exploits 0 · References 3
OSV
added 2019/01/28 8:29 p.m. · 0 views

UBUNTU-CVE-2019-6991

A classic Stack-based buffer overflow exists in the zmLoadUser function in zmuser.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username...

9.8 CVSS · 7.6 AI score · 0.13529 EPSS
Exploits 1 · References 5
Lenovo
added 2019/01/12 7:48 p.m. · 22 views

System x Secure Boot Vulnerability - Lenovo Support US

No description provided...

6.9 CVSS · 6.4 AI score · 0.00042 EPSS
Exploits 0
wpexploit
added 2018/09/05 12:0 a.m. · 24 views

Duplicator <= 1.2.40 - Unauthenticated Arbitrary Code Execution

If the installer files, installer.php and installer-backup.php, are not removed by the administrators, a code injection during the database setup step allows arbitrary code to be executed on the server. actionajax=3&actionstep=3&dbhost=nowhere&dbuser=test&dbpass=test&dbname=test';...

3.9 AI score
Exploits 0 · References 2
OSV
added 2018/06/29 4:29 p.m. · 2 views

CVE-2018-12465

An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway SMG allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve...

7.2 CVSS · 6.1 AI score
Exploits 0 · References 3
Positive Technologies
added 2018/06/20 12:0 a.m. · 2 views

PT-2018-3943 · Cisco · Nexus 5600 Platform Switches +21

Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software and Cisco NX-OS Software affected versions not specified Firepower 4100 Series Next-Generation Firewalls affected versions not specified Firepower 9300 Security Appliance affected versions not specified MDS 9000 Series...

8.8 CVSS · 9.1 AI score · 0.00235 EPSS
Exploits 0 · References 6
RedHat Linux
added 2018/05/14 8:36 p.m. · 2 views

jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...

9.8 CVSS · 7.6 AI score · 0.82379 EPSS
Exploits 7 · References 4
OSV
added 2018/05/13 3:29 p.m. · 0 views

CVE-2018-11013

Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 CN routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header...

9.8 CVSS · 6.4 AI score
Exploits 0 · References 1
RedHat Linux
added 2018/02/22 9:21 a.m. · 0 views

jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...

9.8 CVSS · 7.6 AI score · 0.82379 EPSS
Exploits 7 · References 4
RedHat Linux
added 2018/02/22 9:21 a.m. · 1 views

jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes...

9.8 CVSS · 7.6 AI score · 0.82379 EPSS
Exploits 7 · References 5
RedHat Linux
added 2018/02/12 5:19 p.m. · 1 views

jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...

9.8 CVSS · 7.6 AI score · 0.82379 EPSS
Exploits 7 · References 4
OSV
added 2018/02/06 3:29 p.m. · 4 views

DEBIAN-CVE-2017-15095

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw...

9.8 CVSS · 9.6 AI score · 0.07891 EPSS
Exploits 2 · References 1
OSV
added 2018/02/06 3:29 p.m. · 1 views

UBUNTU-CVE-2017-7525

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...

9.8 CVSS · 7.3 AI score · 0.82379 EPSS
Exploits 7 · References 3
OSV
added 2018/01/22 4:29 a.m. · 40 views

CVE-2018-5968

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist...

8.1 CVSS · 10 AI score
Exploits 0 · References 12
NVD
added 2018/01/12 10:29 p.m. · 10 views

CVE-2015-9246

An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP file is reached at...

10 CVSS · 9.5 AI score · 0.02441 EPSS
Exploits 1 · References 1
CVE
added 2018/01/12 10:0 p.m. · 39 views

CVE-2015-9246

CVE-2015-9246 affects Skybox Platform; remote unauthenticated code execution via a WAR containing a JSP is possible. The WAR is delivered to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP executes at /opt/skyboxview/thirdparty/jboss/server/web/work/jboss.web/localhost. Af...

10 CVSS · 9.3 AI score · 0.02441 EPSS
Exploits 1 · References 1 · Affected Software 1
OSV
added 2018/01/03 12:0 a.m. · 0 views

UBUNTU-CVE-2017-1000501

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution...

9.8 CVSS · 7.1 AI score · 0.06548 EPSS
Exploits 0 · References 4
RedHat Linux
added 2017/12/13 5:57 p.m. · 0 views

jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...

9.8 CVSS · 7.6 AI score · 0.82379 EPSS
Exploits 7 · References 4
OSV
added 2017/12/04 3:29 p.m. · 3 views

CVE-2017-16721

A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code...

6.1 CVSS · 5.9 AI score
Exploits 0 · References 2
RedHat Linux
added 2017/11/13 4:36 a.m. · 1 views

jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes...

9.8 CVSS · 7.6 AI score · 0.82379 EPSS
Exploits 7 · References 5