Total
1324 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15098 | 1 Typo3 | 1 Typo3 | 2021-11-18 | 6.5 MEDIUM | 8.8 HIGH |
| In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization & remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6. | |||||
| CVE-2020-15086 | 1 Typo3 | 1 Mediace | 2021-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the "mediace" extension for TYPO3. | |||||
| CVE-2020-15244 | 1 Openmage | 1 Magento | 2021-11-18 | 6.5 MEDIUM | 7.2 HIGH |
| In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4. | |||||
| CVE-2020-14195 | 4 Debian, Fasterxml, Netapp and 1 more | 14 Debian Linux, Jackson-databind, Active Iq Unified Manager and 11 more | 2021-11-17 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). | |||||
| CVE-2021-34992 | 1 Orckestra | 1 C1 Cms | 2021-11-17 | 6.5 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14740. | |||||
| CVE-2021-26558 | 1 Apache | 1 Shardingsphere-ui | 2021-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0. | |||||
| CVE-2021-42698 | 1 Azeotech | 1 Daqfactory | 2021-11-09 | 6.8 MEDIUM | 7.8 HIGH |
| Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory. | |||||
| CVE-2021-35215 | 1 Solarwinds | 1 Orion Platform | 2021-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability. | |||||
| CVE-2021-35216 | 1 Solarwinds | 1 Patch Manager | 2021-11-03 | 9.0 HIGH | 8.8 HIGH |
| Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution. | |||||
| CVE-2021-35218 | 1 Solarwinds | 1 Orion Platform | 2021-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server | |||||
| CVE-2021-35217 | 1 Solarwinds | 1 Patch Manager | 2021-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data. | |||||
| CVE-2021-22097 | 1 Vmware | 1 Spring Advanced Message Queuing Protocol | 2021-11-01 | 6.8 MEDIUM | 6.5 MEDIUM |
| In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called. | |||||
| CVE-2021-41078 | 1 Nameko | 1 Nameko | 2021-10-29 | 6.8 MEDIUM | 7.8 HIGH |
| Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file. | |||||
| CVE-2021-35227 | 1 Solarwinds | 1 Access Rights Manager | 2021-10-28 | 4.6 MEDIUM | 7.8 HIGH |
| The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available. | |||||
| CVE-2021-40865 | 1 Apache | 1 Storm | 2021-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4 | |||||
| CVE-2021-39321 | 1 Heateor | 1 Sassy Social Share | 2021-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user supplied inputs via the import_config function found in the ~/admin/class-sassy-social-share-admin.php file. This can be exploited by underprivileged authenticated users due to a missing capability check on the import_config function. | |||||
| CVE-2021-40720 | 1 Adobe | 1 Ops-cli | 2021-10-20 | 10.0 HIGH | 9.8 CRITICAL |
| Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkout_repo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine. | |||||
| CVE-2021-40843 | 1 Proofpoint | 1 Insider Threat Management Server | 2021-10-19 | 6.9 MEDIUM | 7.3 HIGH |
| Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected. | |||||
| CVE-2021-33728 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges. | |||||
| CVE-2021-3035 | 1 Paloaltonetworks | 1 Bridgecrew Checkov | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted. | |||||