Lucene search
+L

439 matches found

OSV
OSV
added 2019/09/11 9:15 p.m.8 views

CVE-2019-0189

The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the...

9.8CVSS5.9AI score0.2371EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2019/06/10 12:0 a.m.33 views

Fedora 29 : php (2019-8c4b25b5ec)

"PHP version 7.2.19 30 May 2019 EXIF: - Fixed bug php77988 heap-buffer-overflow on phpjpgget16. CVE-2019-11040 Stas FPM: - Fixed bug php77934 php-fpm kill -USR2 not working. Jakub Zelenka - Fixed bug php77921 static.php.net doesn't work anymore. Peter Kokot GD: - Fixed bug php77943...

9.1CVSS5.9AI score0.04332EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.29 views

Fedora 28 : php-symfony3 (2018-66547a8c14)

Version 3.4.20 2018-12-06 - security CVE-2018-19790 Security\Http detect bad redirect targets using backslashes @xabbuh - security CVE-2018-19789 Form Filter file uploads out of regular form types @nicolas-grekas - bug 29436 Cache Fixed Memcached adapter doClearto call flush raitocz - bug 29441...

6.1CVSS6.4AI score0.03589EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.36 views

Fedora 29 : php-symfony3 (2018-8d3a9bdff1)

Version 3.4.20 2018-12-06 - security CVE-2018-19790 Security\Http detect bad redirect targets using backslashes @xabbuh - security CVE-2018-19789 Form Filter file uploads out of regular form types @nicolas-grekas - bug 29436 Cache Fixed Memcached adapter doClearto call flush raitocz - bug 29441...

6.1CVSS6.4AI score0.03589EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.27 views

Fedora 29 : php-symfony4 (2018-84a1f77d89)

Version 4.1.9 2018-12-06 - security CVE-2018-19790 Security\Http detect bad redirect targets using backslashes @xabbuh - security CVE-2018-19789 Form Filter file uploads out of regular form types @nicolas-grekas - bug 29436 Cache Fixed Memcached adapter doClearto call flush raitocz - bug 29441...

6.1CVSS6.4AI score0.03589EPSS
Exploits0References5
Tenable Product Security Advisories
Tenable Product Security Advisories
added 2018/11/06 11:14 p.m.17 views

[R2] SecurityCenter 5.8.0 Fixes Multiple Third-Party Vulnerabilities

SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components Apache Xalan and Serializer were found to contain vulnerabilities, and updated versions have been made available by the providers...

7.1AI score
Exploits0
Tenable Product Security Advisories
Tenable Product Security Advisories
added 2018/11/06 11:14 p.m.482 views

[R2] SecurityCenter 5.8.0 Fixes Multiple Third-Party Vulnerabilities

SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components Apache Xalan and Serializer were found to contain vulnerabilities, and updated versions have been made available by the providers...

3.1AI score
Exploits0
Cvelist
Cvelist
added 2018/09/28 12:0 a.m.18 views

CVE-2018-14037

Cross-site scripting XSS vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload...

6.1AI score0.01174EPSS
Exploits2References3
OSV
OSV
added 2018/07/09 8:29 p.m.3 views

CVE-2018-1000618

EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abiserializer that can result in attack eos network node. This attack appear to be exploitable via network request. This vulnerability appears to have been fixed in after commit...

9.8CVSS5.8AI score0.01532EPSS
Exploits0References1
Prion
Prion
added 2018/06/11 5:29 p.m.18 views

Design/Logic Flaw

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0 derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an...

6.8CVSS9.1AI score0.05385EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2018/06/11 5:29 p.m.7 views

CVE-2017-3201

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0 derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an...

8.1CVSS6AI score0.05385EPSS
Exploits2References4
OSV
OSV
added 2018/06/11 5:29 p.m.5 views

CVE-2017-3206

The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references XXEs from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, deni...

9.8CVSS5.8AI score0.0368EPSS
Exploits2References4
NVD
NVD
added 2018/06/11 5:29 p.m.20 views

CVE-2017-3202

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability...

9.8CVSS9.5AI score0.0821EPSS
Exploits2References4
Prion
Prion
added 2018/06/11 5:29 p.m.23 views

Server side request forgery (ssrf)

The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references XXEs from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, deni...

7.5CVSS9.5AI score0.0368EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2018/06/11 5:29 p.m.6 views

CVE-2017-3202

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability...

9.8CVSS6.3AI score0.0821EPSS
Exploits2References4
Prion
Prion
added 2018/06/11 5:29 p.m.23 views

Deserialization of untrusted data

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability...

7.5CVSS9.5AI score0.0821EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2018/06/11 5:29 p.m.24 views

CVE-2017-3201

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0 derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an...

8.1CVSS8.2AI score0.05385EPSS
Exploits2References4
CVE
CVE
added 2018/06/11 5:0 p.m.52 views

CVE-2017-3201

CVE-2017-3201 affects Flamingo amf-serializer by Exadel, version 2.2.0. The AMF3 deserializer derives class instances from java.io.Externalizable instead of flash.utils.IExternalizable, enabling a remote attacker who can spoof/control an RMI server to send serialized Java objects that execute arb...

8.1CVSS8.2AI score0.05385EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2018/06/11 5:0 p.m.77 views

CVE-2017-3202

The CVE-2017-3202 entry concerns Flamingo amf-serializer (Exadel) 2.2.0, whose AMF3 deserializers may instantiate arbitrary classes via a public no-argument constructor and then invoke Java Beans setters. Exploitation requires that attacker-controlled or spoofable data reach the serdes path and t...

9.8CVSS9.5AI score0.0821EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2018/06/11 5:0 p.m.28 views

CVE-2017-3201 Flamingo amf-serializer by Exadel, version 2.2.0, Action Message Format (AMF3) Java implementation is vulnerable to insecure deserialization

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0 derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an...

8.7AI score0.05385EPSS
Exploits2References4
Rows per page
Query Builder