Severity | Topic | Date | Author
Med. | Revive Adserver Deserialization / Open Redirect | 02.05.2019 | Matteo Beccati
High | OpenMRS Platform Insecure Object Deserialization | 05.02.2019 | Bishop Fox
Med. | Revive Adserver 4.0.0 XSS / Deserialization / Session Fixation | 01.02.2017 | Matteo Beccati
High | Solarwinds Virtualization Manager 6.3.1 Java Deserialization | 17.06.2016 | Nate Kettlewell


CVEMAP Search Results

CVE: CVE-2019-1373 (2019-11-12, Medium)
Details: Vendor: Microsoft; Software: Exchange server
Description: A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.

CVE: CVE-2019-18631 (2019-11-05, Medium)
Description: The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows attackers to execute arbitrary code inside the Centrify process via (1) a crafted application that makes a pipe connection to the process and sends malicious serialized data or (2) a crafted Microsoft Management Console snap-in control file.

CVE: CVE-2019-18364 (2019-10-31, Medium)
Description: In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.

CVE: CVE-2019-18601 (2019-10-29, Medium)
Description: OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.

CVE: CVE-2019-17206 (2019-10-05, Medium)
Description: Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts.

CVE: CVE-2019-16891 (2019-10-04, Medium)
Details: Vendor: Liferay; Software: Liferay portal
Description: Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.

CVE: CVE-2019-17080 (2019-10-02, Medium)
Details: Vendor: Linuxmint; Software: Mintinstall
Description: mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. This is resolved in 8.0.0 and backports.

CVE: CVE-2019-12630 (Medium)
Details: Vendor: Cisco; Software: Security manager
Description: A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of casuser.

CVE: CVE-2019-10202 (2019-10-01, Medium)
Details: Vendor: Redhat; Software: Jboss enterp...
Description: A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.

CVE: CVE-2019-9373 (2019-09-27, Low)
Details: Vendor: Google; Software: Android
Description: In JobStore, there is a mismatched serialization/deserialization for the "battery-not-low" job attribute. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-130173029.
Copyright 2019, cxsecurity.com