Lucene search
K

148 matches found

CVE
CVE
added 2020/09/11 2:19 a.m.62 views

CVE-2020-25259

CVE-2020-25259 affects Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below, and 20.3.10.1000 and below. The root cause is the unsafe use of XML deserialization libraries. The CVSS data indicates a network-exposed vector with high criticality (C/H/I...

9.8CVSS9.4AI score0.01421EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/11 2:19 a.m.22 views

CVE-2020-25259

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses XML deserialization libraries in an unsafe manner...

9.6AI score0.01421EPSS
Exploits0References1
CNVD
CNVD
added 2020/09/11 12:0 a.m.5 views

Hyland OnBase XML Deserialization Library Insecure Use Vulnerability

Hyland OnBase is an enterprise information platform for managing your content, processes and cases. Hyland OnBase is vulnerable to an unsafe use of the XML deserialization library. No detailed vulnerability details are provided at this time...

9.8CVSS6.9AI score0.01421EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2020/07/15 12:0 a.m.65 views

Microsoft .NET Framework Remote Code Execution Vulnerability (KB4566516)

This host is missing a critical security update according to Microsoft KB4566516 Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...

7.8CVSS7.9AI score0.94243EPSS
Exploits10References3
RedHat Linux
RedHat Linux
added 2020/03/05 12:53 p.m.3 views

xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)

It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This a regression of...

9.8CVSS7.5AI score0.94774EPSS
Exploits9References5
NVD
NVD
added 2020/02/19 2:15 p.m.14 views

CVE-2014-2228

The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages...

9.8CVSS9.8AI score0.03311EPSS
Exploits1References1
CVE
CVE
added 2020/02/19 1:20 p.m.42 views

CVE-2014-2228

The CVE-2014-2228 issue affects the XStream extension in HP Fortify SCA prior to version 2.2 RC3, where unsafe deserialization of XML messages allows remote attackers to execute arbitrary code. The affected component is the XStream extension, with the root cause described as unsafe XML deserializ...

9.8CVSS9.7AI score0.03311EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/02/19 1:20 p.m.19 views

CVE-2014-2228

The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages...

9.9AI score0.03311EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.28 views

Huawei EulerOS: Security Advisory for slf4j (EulerOS-SA-2018-1093)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.15087EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.22 views

Huawei EulerOS: Security Advisory for slf4j (EulerOS-SA-2018-1159)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.15087EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.28 views

Huawei EulerOS: Security Advisory for slf4j (EulerOS-SA-2018-1092)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.15087EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2019/11/14 9:17 p.m.6 views

xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)

It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This a regression of...

9.8CVSS7.5AI score0.94774EPSS
Exploits9References5
IBM Security Bulletins
IBM Security Bulletins
added 2019/11/01 8:48 p.m.51 views

Security Bulletin: Multiple vulnerabilities in Xstream affect IBM InfoSphere Information Server

Summary Multiple vulnerabilities in XStream was addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2013-7285 DESCRIPTION: XStream could allow a remote attacker to execute arbitrary code on the system, caused by an error in the XMLGenerator API. An attacker could...

9.8CVSS1.2AI score0.94774EPSS
Exploits9Affected Software1
RedHat Linux
RedHat Linux
added 2019/10/17 2:54 p.m.2 views

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

9.8CVSS7.2AI score0.15087EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.23 views

NewStart CGSL MAIN 5.04 : slf4j Vulnerability (NS-SA-2019-0015)

The remote NewStart CGSL host, running version MAIN 5.04, has slf4j packages installed that are affected by a vulnerability: - An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution. CVE-2018-8088...

9.8CVSS7.7AI score0.15087EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2019/07/22 2:53 p.m.8 views

xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)

It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This a regression of...

9.8CVSS7.5AI score0.94774EPSS
Exploits9References5
RedHat Linux
RedHat Linux
added 2019/07/22 2:53 p.m.155 views

Important: Red Hat Security Advisory: Red Hat Decision Manager 7.4.0 Security Update

An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...

10CVSS7.6AI score0.94774EPSS
Exploits9References14
Check Point Advisories
Check Point Advisories
added 2019/04/28 12:0 a.m.16 views

Oracle WebLogic Server Remote Code Execution (CVE-2019-2725)

A remote code execution vulnerability exists within Oracle WebLogic. The vulnerability is due to improper XML deserialization. Successful exploitation could lead to arbitrary code execution...

7.5CVSS4.6AI score0.99964EPSS
Exploits35
ATTACKERKB
ATTACKERKB
added 2019/04/26 12:0 a.m.289 views

CVE-2019-2725

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services. Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

9.8CVSS2.3AI score0.99964EPSS
In wildExploits35References10
RedHat Linux
RedHat Linux
added 2018/08/15 7:41 a.m.4 views

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

9.8CVSS7.2AI score0.15087EPSS
Exploits0References4
Rows per page
Query Builder