Total: 1810 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-1000824 | 1 Megamek | 1 Megamek | 2024-11-21 | N/A |
MegaMek version < v0.45.1 contains an Other/Unknown vulnerability in Object Stream Connection that can result in disclosure of confidential data, denial of service, SSRF, or remote code execution. | ||||
CVE-2018-1000641 | 1 Yeswiki | 1 Yeswiki | 2024-11-21 | N/A |
YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in the unserialising of a user-entered parameter in i18n.inc.php that can result in execution of code and disclosure of information. | ||||
CVE-2018-1000527 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A |
Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in the Domain name form that can result in possible information disclosure and remote code execution. This attack appears to be exploitable via passing a malicious PHP object in $_POST['ssl_ipandport']. This vulnerability appears to have been fixed after commit c1e62e6. | ||||
CVE-2018-1000525 | 1 Openpsa2 | 1 Openpsa | 2024-11-21 | N/A |
openpsa contains a PHP Object Injection vulnerability in form data passed as GET request variables that can result in possible information disclosure and remote code execution. This attack appears to be exploitable via a specially crafted GET request variable containing a serialised PHP object. This vulnerability appears to have been fixed after commit 097eae0. | ||||
CVE-2018-1000509 | 1 Redirection | 1 Redirection | 2024-11-21 | N/A |
Redirection version 2.7.1 contains a serialisation vulnerability, possibly allowing ACE, in the Settings page AJAX that could allow an admin to execute arbitrary code in some circumstances. This attack appears to be exploitable only if the attacker has access to an admin account. This vulnerability appears to have been fixed in 2.8. | ||||
CVE-2018-1000210 | 1 Yamldotnet Project | 1 Yamldotnet | 2024-11-21 | N/A |
YamlDotNet version 4.3.2 and earlier contains an Insecure Direct Object Reference vulnerability: the default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiate them, which can result in code execution in the context of the running process. This attack appears to be exploitable if the victim parses a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0. | ||||
CVE-2018-1000167 | 1 Oisf | 1 Suricata-update | 2024-11-21 | N/A |
OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load function as used in the following files: config.py:136, config.py:142, sources.py:99 and sources.py:131. The "list-sources" command is affected by this bug, which can result in remote code execution (even as root if suricata-update is called by root). This attack appears to be exploitable via a specially crafted YAML file at https://www.openinfosecfoundation.org/rules/index.yaml. This vulnerability appears to have been fixed in 1.0.0b1. | ||||
CVE-2018-1000074 | 2 Redhat, Rubygems | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2024-11-21 | N/A |
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in the owner command that can result in code execution. This attack appears to be exploitable if the victim runs the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6. | ||||
CVE-2018-1000059 | 1 Validformbuilder | 1 Validform Builder | 2024-11-21 | N/A |
ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in the Valid Form unserialize method that can make it possible to execute unauthorised system commands remotely and disclose file contents in the file system. | ||||
CVE-2018-1000058 | 1 Jenkins | 1 Pipeline Supporting Apis | 2024-11-21 | N/A |
Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution vulnerability due to incomplete sandbox protection: methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles. | ||||
CVE-2018-1000048 | 1 Nasa | 1 Rtretrievalframework | 2024-11-21 | N/A |
NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in the data retrieval functionality of the RtRetrieval framework that can result in remote code execution. This attack appears to be exploitable when the victim tries to retrieve and process a weather data file. | ||||
CVE-2018-1000047 | 1 Nasa | 1 Kodiak | 2024-11-21 | N/A |
NASA Kodiak version v1.0 contains a CWE-502 vulnerability in the Kodiak library's data processing function that can result in remote code execution. This attack appears to be exploitable when the victim opens an untrusted file for optimization using the Kodiak library. | ||||
CVE-2018-1000046 | 1 Nasa | 1 Pyblock | 2024-11-21 | N/A |
NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in the radar data parsing library that can result in remote code execution. This attack appears to be exploitable when the victim opens a specially crafted radar data file. This vulnerability appears to have been fixed in v1.4. | ||||
CVE-2018-1000045 | 1 Nasa | 1 Singledop | 2024-11-21 | N/A |
NASA Singledop version v1.0 contains a CWE-502 vulnerability in the NASA Singledop library (weather data) that can result in remote code execution. This attack appears to be exploitable when the victim opens a specially crafted radar data file. This vulnerability appears to have been fixed in v1.1. | ||||
CVE-2017-8967 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | ||||
CVE-2017-8966 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | ||||
CVE-2017-8965 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | ||||
CVE-2017-8964 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | ||||
CVE-2017-8963 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | ||||
CVE-2017-8962 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. |