SUSE CVE-2016-5003

The Apache XML-RPC aka ws-xmlrpc library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an element...

SUSE CVE-2014-4000

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserializestripslashes...

SUSE CVE-2016-0779

The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object...

Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1

The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server WAS Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to...

Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object...

Huawei EulerOS: Security Advisory for numpy (EulerOS-SA-2020-2375)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP3 : numpy (EulerOS-SA-2020-2083)

According to the version of the numpy packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary...

EulerOS Virtualization 3.0.6.0 : numpy (EulerOS-SA-2020-1730)

According to the version of the numpy packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attacker...

Updated python-numpy packages fix security vulnerability

Updated python-numpy packages fix security vulnerability: An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call CVE-2019-6446...

OpenMRS Platform Insecure Deserialization (CVE-2018-19276)

An Insecure Deserialization vulnerability exists in OpenMRS platform. A remote attacker can exploit this vulnerability by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution in the effected system...

CVE-2019-9212

SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t consider...

Design/Logic Flaw

DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior...

PYSEC-2019-108

DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior...

The vulnerability of the CA Release Automation system arises from the restoration of an unreliable data structure in memory, allowing a perpetrator to execute arbitrary code.

The vulnerability of the CA Release Automation system arises from the restoration of a dubious data structure in memory. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code using a specially crafted serialized object...

CVE-2018-15691

Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code...

Design/Logic Flaw

Open Web Analytics OWA before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owaevent parameter to queue.php...

CVE-2018-0147

A vulnerability in Java deserialization used by Cisco Secure Access Control System ACS prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by...

Deserialization of untrusted data

A vulnerability in Java deserialization used by Cisco Secure Access Control System ACS prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by...

CVE-2014-9515

Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object...

Design/Logic Flaw

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserializestripslashes...