Lucene search
K

327 matches found

Github Security Blog
Github Security Blog
added 2018/10/22 8:52 p.m.34 views

Akka Java Serialization vulnerability

Akka versions =2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem...

9.3CVSS8.3AI score0.05666EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2018/10/17 6:29 p.m.3 views

CVE-2018-15616

A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2...

9.8CVSS6AI score0.03343EPSS
Exploits1References1
Prion
Prion
added 2018/10/17 6:29 p.m.21 views

Deserialization of untrusted data

A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2...

7.5CVSS9.6AI score0.03343EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/09/28 5:29 p.m.3 views

CVE-2018-5393

The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation RMI service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service...

9.8CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2018/09/14 8:29 p.m.17 views

CVE-2018-17057

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...

9.8CVSS6.8AI score0.26172EPSS
Exploits7References7
The Hacker News
The Hacker News
added 2018/08/17 9:26 a.m.125 views

New PHP Code Execution Attack Puts WordPress Sites at Risk

Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in PHP programming language using previously low-risk considered functions. The new technique leaves hundreds of...

0.7AI score
Exploits0
OSV
OSV
added 2018/06/11 5:29 p.m.5 views

CVE-2017-3203

The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may b...

8.1CVSS6AI score0.06336EPSS
Exploits2References4
OSV
OSV
added 2018/06/11 5:29 p.m.5 views

CVE-2017-3201

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0 derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an...

8.1CVSS6AI score0.05385EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2018/03/12 4:37 p.m.4 views

infinispan: Unsafe deserialization of malicious object injected into data cache

It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks...

8.8CVSS5.8AI score0.02881EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/02/14 7:29 p.m.3 views

camel-hessian: Apache Camel's Hessian unmarshalling operation is vulnerable to Remote Code Execution attacks

It was found that Apache Camel contains a security vulnerability via camel-hessian component. An attacker can utilize this flaw to deserialize a malicious object on the target machine which could lead to Remote Code Execution RCE...

9.8CVSS5.9AI score0.07133EPSS
Exploits3References4
OSV
OSV
added 2018/01/18 6:29 p.m.32 views

CVE-2016-6814

When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized...

9.8CVSS9.6AI score
Exploits0References16
CNVD
CNVD
added 2017/10/23 12:0 a.m.6 views

Apache James java deserialization arbitrary command execution vulnerability

Apache James is pure Java SMTP and POP3 mail server and NNTP news server . A security vulnerability in the Apache James JMX server's handling of Java deserialization allows an attacker to exploit the vulnerability to construct special requests to execute arbitrary code in the context of an...

7.8CVSS7.8AI score0.00759EPSS
Exploits4References1
CVE
CVE
added 2017/10/12 6:0 p.m.55 views

CVE-2016-8736

Apache OpenMeetings (before 3.1.2) is vulnerable to Remote Code Execution via RMI deserialization. The root cause is deserialization of untrusted data in the RMI path, enabling an attacker to execute arbitrary code on the affected server. Public advisories reference OpenMeetings RCE through this ...

9.8CVSS9.7AI score0.04781EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2017/09/25 12:0 a.m.13 views

ScrumWorks Pro 6.7.0 RCE Vulnerability

ScrumWorks Pro is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/01/25 12:0 a.m.49 views

Oracle Enterprise Manager Cloud Control Multiple Vulnerabilities (January 2017 CPU)

The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in the Enterprise Manager Base Platform component : - A flaw exists in the Bouncy Castle Java library due to improper validation of a point within the elliptic curve. An...

9.8CVSS7.9AI score0.07958EPSS
Exploits1References3
OSV
OSV
added 2017/01/18 10:59 p.m.4 views

CVE-2016-3415

Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276...

9.1CVSS5.8AI score0.02434EPSS
Exploits0References3
CNVD
CNVD
added 2016/10/10 12:0 a.m.12 views

Apache MyFaces Trinidad Remote Code Execution Vulnerability

Apache MyFaces Trinidad is a U.S. Apache Apache Software Foundation contains a large number of enterprise-class component libraries and support for attachment JSF framework. A remote code execution vulnerability exists in CoreResponseStateManager in Apache MyFaces Trinidad, which can be exploited...

9.8CVSS9.7AI score0.07958EPSS
Exploits1References1
Cvelist
Cvelist
added 2016/10/03 6:0 p.m.36 views

CVE-2016-5019

CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string...

9.2AI score0.07958EPSS
Exploits1References13
RedHat Linux
RedHat Linux
added 2015/12/18 9:17 p.m.8 views

apache-commons-collections: InvokerTransformer code execution during deserialisation

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...

10CVSS8AI score0.83274EPSS
Exploits8References6
RedHat Linux
RedHat Linux
added 2015/12/07 8:46 p.m.6 views

groovy: remote execution of untrusted code in class MethodClosure

A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code...

9.8CVSS7.6AI score0.42983EPSS
Exploits4References5
Rows per page
Query Builder