Total
1363 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32935 | 1 Cognex | 1 In-sight Opc Server | 2022-06-07 | 10.0 HIGH | 9.8 CRITICAL |
| The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation. | |||||
| CVE-2022-24108 | 1 Skyoftech | 1 So Listing Tabs | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deserialization of untrusted data. | |||||
| CVE-2022-1118 | 1 Rockwellautomation | 3 Connected Component Workbench, Isagraf Workbench, Safety Instrumented Systems Workstation | 2022-05-26 | 6.8 MEDIUM | 7.8 HIGH |
| Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in arbitrary code execution. This vulnerability requires user interaction to be successfully exploited | |||||
| CVE-2022-0573 | 1 Jfrog | 1 Artifactory | 2022-05-25 | 6.5 MEDIUM | 8.8 HIGH |
| JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object. | |||||
| CVE-2020-8165 | 3 Debian, Opensuse, Rubyonrails | 3 Debian Linux, Leap, Rails | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. | |||||
| CVE-2020-8164 | 3 Debian, Opensuse, Rubyonrails | 4 Debian Linux, Backports Sle, Leap and 1 more | 2022-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters. | |||||
| CVE-2022-29363 | 1 Phpok | 1 Phpok | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files. | |||||
| CVE-2022-1463 | 1 Booking Calendar Project | 1 Booking Calendar | 2022-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP objects on a vulnerable site. | |||||
| CVE-2021-23592 | 1 Thinkphp | 1 Thinkphp | 2022-05-16 | 7.5 HIGH | 9.8 CRITICAL |
| The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class. | |||||
| CVE-2020-5413 | 2 Oracle, Vmware | 8 Banking Corporate Lending Process Management, Banking Credit Facilities Process Management, Banking Supply Chain Finance and 5 more | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious code for execution during deserialization. In order to protect against this type of attack, Kryo can be configured to require a set of trusted classes for (de)serialization. Spring Integration should be proactive against blocking unknown "deserialization gadgets" when configuring Kryo in code. | |||||
| CVE-2022-25767 | 1 Ureport2 Project | 1 Ureport2 | 2022-05-11 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets. | |||||
| CVE-2020-23620 | 1 Orlansoft | 1 Orlansoft Erp | 2022-05-11 | 7.5 HIGH | 9.8 CRITICAL |
| The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object. | |||||
| CVE-2020-23621 | 1 Squire-technologies | 1 Svi Ms Management System | 2022-05-11 | 7.5 HIGH | 9.8 CRITICAL |
| The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object. | |||||
| CVE-2022-29936 | 1 Usu | 1 Oracle Optimization | 2022-05-11 | 6.5 MEDIUM | 8.8 HIGH |
| USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product. | |||||
| CVE-2020-14172 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center in affected versions allowed remote attackers to achieve remote code execution via insecure deserialization, if they were able to exploit a server side template injection vulnerability. The affected versions are before version 7.13.0, from version 8.0.0 before 8.5.0, and from version 8.6.0 before version 8.8.1. | |||||
| CVE-2021-24307 | 1 Aioseo | 1 All In One Seo | 2022-05-03 | 9.0 HIGH | 8.8 HIGH |
| The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute arbitrary code on the underlying host. Users can restore plugin's configuration by uploading a backup .ini file in the section "Tool > Import/Export". However, the plugin attempts to unserialize values of the .ini file. Moreover, the plugin embeds Monolog library which can be used to craft a gadget chain and thus trigger system command execution. | |||||
| CVE-2020-4589 | 1 Ibm | 1 Websphere Application Server | 2022-05-03 | 10.0 HIGH | 9.8 CRITICAL |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 184585. | |||||
| CVE-2020-35488 | 1 Nxlog | 1 Nxlog | 2022-04-29 | 4.3 MEDIUM | 7.5 HIGH |
| The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.) | |||||
| CVE-2022-26133 | 1 Atlassian | 1 Bitbucket Data Center | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization. | |||||
| CVE-2021-21249 | 1 Onedev Project | 1 Onedev | 2022-04-26 | 6.5 MEDIUM | 8.8 HIGH |
| OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is an issue involving YAML parsing which can lead to post-auth remote code execution. In order to parse and process YAML files, OneDev uses SnakeYaml which by default (when not using `SafeConstructor`) allows the instantiation of arbitrary classes. We can leverage that to run arbitrary code by instantiating classes such as `javax.script.ScriptEngineManager` and using `URLClassLoader` to load the script engine provider, resulting in the instantiation of a user controlled class. For a full example refer to the referenced GHSA. This issue was addressed in 4.0.3 by only allowing certain known classes to be deserialized | |||||