55 matches found
CVE-2020-10655
The Proofpoint Insider Threat Management Server formerly ObserveIT Server before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The...
CVE-2020-12015
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A...
CVE-2020-12015
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A...
Huawei EulerOS: Security Advisory for glusterfs (EulerOS-SA-2018-1442)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
jackson-databind: improper polymorphic deserialization in axis2-transport-jms class
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code...
jackson-databind: improper polymorphic deserialization of types from Jodd-db library
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...
CVE-2018-1131
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possibl...
jackson-databind: improper polymorphic deserialization of types from Jodd-db library
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...
jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...
CVE-2018-6162
Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2018-6162
CVE-2018-6162 is a heap buffer overflow in WebGL within Google Chrome (Mac) prior to 68.0.3440.75, exploitable via crafted HTML to trigger heap corruption. Debian and other advisories confirm a fix in Chrome/Chromium 68.0.3440.75 (and later); remediation is to upgrade to the fixed version. The co...
CVE-2018-6162
Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory
A flaw was found in dict.c:dictunserialize function of glusterfs, dicunserialize function does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value...
CVE-2018-1131
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possibl...
PT-2016-4170 · Ibm +2 · Ibm Sdk +3
Name of the Vulnerable Software and Affected Versions: IBM SDK, Java Technology Edition versions 6.0.0 through 6.0.16.24 IBM SDK, Java Technology Edition 6 R1 versions 6.1.0 through 6.1.8.24 IBM SDK, Java Technology Edition 7 versions 7.0.0 through 7.0.9.39 IBM SDK, Java Technology Edition 7 R1...