Vulmon
Recent Vulnerabilities
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
deserialization vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-12022
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an...
Fasterxml
Jackson-databind
Oracle
Jd Edwards Enterpriseone Tools
Retail Merchandising System
Redhat
Automation Manager
Decision Manager
Jboss Brms
Jboss Enterprise Application Platform
Openshift Container Platform
Single Sign-on
Debian
Debian Linux
Fedoraproject
Fedora
2 Github repositories available
7.5
CVSSv3
CVE-2017-11143
In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c....
Php
7.5
CVSSv3
CVE-2018-12023
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access,...
Fasterxml
Jackson-databind
Oracle
Jd Edwards Enterpriseone Tools
Retail Merchandising System
Redhat
Automation Manager
Decision Manager
Jboss Brms
Jboss Enterprise Application Platform
Openshift Container Platform
Single Sign-on
Debian
Debian Linux
Fedoraproject
Fedora
2 Github repositories available
9.8
CVSSv3
CVE-2020-8801
SuiteCRM through 7.11.11 allows PHAR Deserialization....
Salesagility
Suitecrm
NA
CVE-2013-0333
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or...
Rubyonrails
Rails
Ruby On Rails
1 EDB exploit available
2 Metasploit modules available
7 Github repositories available
1 Article available
NA
CVE-2011-2092
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors,...
Adobe
Blazeds
Livecycle
Livecycle Data Services
9.8
CVSSv3
CVE-2019-15780
The formidable plugin before 4.02.01 for WordPress has unsafe deserialization....
Formidableforms
Formidable
NA
CVE-2019-16894
download.php in inoERP 4.15 allows SQL injection through insecure deserialization....
Inoideas
Inoerp
NA
CVE-2009-2723
Unspecified vulnerability in deserialization in the Provider class in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, aka BugId 6444262....
Sun
Java Se
1 Github repository available
NA
CVE-2014-3699
eDeploy has RCE via cPickle deserialization of untrusted data...
Redhat
Edeploy
Jboss Enterprise Web Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
streaming engine
deserialization
CVE-2019-11286
local file inclusion
CVE-2020-5617
CVE-2020-3460
CVE-2020-13379
extremenetworks
CVE-2020-15870
code injection
daviewindy
CVE-2020-5413
simpleledger
1
2
3
4
5
NEXT »
Vulmon