Lucene search
K

56 matches found

CNNVD
CNNVD
added 2022/04/04 12:0 a.m.4 views

RSA Archer 跨站脚本漏洞

RSA Archer is an enterprise IT governance and compliance governance product from RSA UK, including policy, risk and compliance definition and management. It is able to aggregate all of our enterprise assets, as well as some of the monitored information, and organize it into a unified platform,...

5.4CVSS5.6AI score0.00721EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2021/06/10 12:0 a.m.35 views

SUSE SLES11 Security Update : openldap2 (SUSE-SU-2020:14419-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2020:14419-1 advisory. - A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux...

7.8CVSS7.3AI score0.00407EPSS
Exploits1References4
OSV
OSV
added 2021/03/18 8:15 p.m.4 views

CVE-2020-26886

Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host...

7.8CVSS6.1AI score0.00626EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/03/18 12:0 a.m.4 views

Softaculous Ltd. Softaculous 安全漏洞

Softaculous is a commercial scripting library that automates the installation of commercial and open source web applications onto websites. A code execution vulnerability exists in Softaculous versions prior to 5.5.7. The vulnerability stems from external initialization of trusted variables or da...

7.8CVSS6.1AI score0.00626EPSS
Exploits1References4
OSV
OSV
added 2021/01/28 1:15 p.m.3 views

CVE-2020-4682

IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509...

9.8CVSS7.6AI score0.0769EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/01/27 12:0 a.m.6 views

IBM MQ 代码问题漏洞

IBM MQ IBM WebSphere MQ is a messaging middleware product from IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. A remote code execution vulnerability exists in IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD, which is caused ...

10CVSS8.1AI score0.0769EPSS
Exploits0References9
Prion
Prion
added 2020/12/17 4:15 p.m.14 views

Deserialization of untrusted data

jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...

7.5CVSS9.8AI score0.06101EPSS
Exploits1References6Affected Software1
UbuntuCve
UbuntuCve
added 2020/12/17 4:15 p.m.27 views

CVE-2020-22083

jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...

9.8CVSS7.7AI score0.06101EPSS
Exploits1References5
Cvelist
Cvelist
added 2020/12/17 3:15 p.m.23 views

CVE-2020-22083

jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...

9.9AI score0.06101EPSS
Exploits1References6
Microsoft KB
Microsoft KB
added 2020/07/14 7:0 a.m.63 views

Description of the security update for SharePoint Server 2019: July 14, 2020

Description of the security update for SharePoint Server 2019: July 14, 2020 Note: After you install this update, the default setting for a trusted data source and trusted content locations in PerformancePoint Services will change from trust all to trust none. For more information, see KB 4571413...

9.8CVSS7.6AI score0.94243EPSS
Exploits11
Microsoft KB
Microsoft KB
added 2020/07/14 7:0 a.m.97 views

Description of the security update for SharePoint Server 2010: July 14, 2020

Description of the security update for SharePoint Server 2010: July 14, 2020 Note: After you install this update, the default setting for a trusted data source and trusted content locations in PerformancePoint Services will change from trust all to trust none. For more information, see KB 4571413...

8.8CVSS9.1AI score0.20265EPSS
Exploits0
Debian CVE
Debian CVE
added 2020/01/02 12:0 a.m.171 views

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...

9.8CVSS8.7AI score0.32257EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2019/10/10 4:5 a.m.33 views

CVE-2018-1131

Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possibl...

8.8CVSS5.3AI score0.0127EPSS
Exploits0References1
CNVD
CNVD
added 2018/05/17 12:0 a.m.3 views

Infinispan Code Execution Vulnerability

Infinispan is Infinispan team of a set of Java-based open source distributed data storage and data grid platform . A security vulnerability exists in Infinispan that stems from the program's failure to properly deserialize trusted data via XML and JSON encoders. An attacker could exploit the...

8.8CVSS7.1AI score0.0127EPSS
Exploits0References1
Prion
Prion
added 2018/05/15 1:29 p.m.23 views

Deserialization of untrusted data

Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possibl...

6.5CVSS8.7AI score0.0127EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2017/06/30 12:0 a.m.7 views

The vulnerability of the tdx.sys component, which is used to check the length of the operating system’s buffer, allows a hacker to exploit their privileges.

The vulnerability of the tdx.sys component, which is used to check the length of operating system Windows buffers, is related to deficiencies in access control. Exploiting this vulnerability could allow an intruder, operating locally, to increase their privileges...

7.2CVSS7.3AI score0.01315EPSS
Exploits0References3
Rows per page
Query Builder