Total
1810 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18589 | 1 Microfocus | 1 Real User Monitoring | 2024-11-21 | N/A |
| A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code. | ||||
| CVE-2018-18447 | 1 Dotpdn | 1 Paint.net | 2024-11-21 | 9.8 Critical |
| dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2). | ||||
| CVE-2018-18446 | 1 Dotpdn | 1 Paint.net | 2024-11-21 | 9.8 Critical |
| dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2). | ||||
| CVE-2018-18240 | 1 Pippo | 1 Pippo | 2024-11-21 | N/A |
| Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling. | ||||
| CVE-2018-18013 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | N/A |
| * Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost. | ||||
| CVE-2018-17057 | 2 Limesurvey, Tecnick | 2 Limesurvey, Tcpdf | 2024-11-21 | N/A |
| An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. | ||||
| CVE-2018-16476 | 2 Redhat, Rubyonrails | 3 Cloudforms, Cloudforms Managementengine, Rails | 2024-11-21 | N/A |
| A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1. | ||||
| CVE-2018-16364 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 8.1 High |
| A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share. | ||||
| CVE-2018-15965 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2018-15959 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2018-15958 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2018-15957 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2018-15890 | 1 Ethereum | 1 Ethereumj | 2024-11-21 | N/A |
| An issue was discovered in EthereumJ 1.8.2. There is Unsafe Deserialization in ois.readObject in mine/Ethash.java and decoder.readObject in crypto/ECKey.java. When a node syncs and mines a new block, arbitrary OS commands can be run on the server. | ||||
| CVE-2018-15691 | 1 Broadcom | 1 Release Automation | 2024-11-21 | N/A |
| Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code. | ||||
| CVE-2018-15686 | 5 Canonical, Debian, Oracle and 2 more | 10 Ubuntu Linux, Debian Linux, Communications Cloud Native Core Network Function Cloud Native Environment and 7 more | 2024-11-21 | 7.8 High |
| A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. | ||||
| CVE-2018-15616 | 1 Avaya | 1 Avaya Aura System Platform | 2024-11-21 | N/A |
| A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2. | ||||
| CVE-2018-15576 | 1 Hazzardweb | 1 Easylogin Pro | 2024-11-21 | N/A |
| An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key. | ||||
| CVE-2018-15514 | 1 Docker | 1 Docker | 2024-11-21 | N/A |
| HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges. | ||||
| CVE-2018-15503 | 1 Swoole | 1 Swoole | 2024-11-21 | N/A |
| The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV. | ||||
| CVE-2018-14878 | 1 Jetbrains | 2 Dotpeek, Resharper Ultimate | 2024-11-21 | N/A |
| JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data. | ||||