Total
1658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6793 | 1 Ni | 1 Veristand | 2024-09-17 | N/A | 9.8 CRITICAL |
| A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions. | |||||
| CVE-2024-6794 | 1 Ni | 1 Veristand | 2024-09-17 | N/A | 9.8 CRITICAL |
| A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions. | |||||
| CVE-2017-4947 | 1 Vmware | 2 Vrealize Automation, Vsphere Integrated Containers | 2024-09-17 | 10.0 HIGH | 9.8 CRITICAL |
| VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance. | |||||
| CVE-2024-45855 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | N/A | 7.5 HIGH |
| Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it. | |||||
| CVE-2024-45854 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | N/A | 7.5 HIGH |
| Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it. | |||||
| CVE-2024-45853 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | N/A | 7.5 HIGH |
| Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction. | |||||
| CVE-2024-45852 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | N/A | 8.8 HIGH |
| Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with. | |||||
| CVE-2023-2042 | 1 Datagear | 1 Datagear | 2024-09-16 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as problematic, has been found in DataGear up to 4.7.0/5.1.0. Affected by this issue is some unknown functionality of the component JDBC Server Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-46147 | 1 Themify | 1 Ultra | 2024-09-16 | N/A | 8.8 HIGH |
| Deserialization of Untrusted Data vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. | |||||
| CVE-2024-37288 | 1 Elastic | 1 Kibana | 2024-09-16 | N/A | 8.8 HIGH |
| A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and have configured an Amazon Bedrock connector https://www.elastic.co/guide/en/security/current/assistant-connect-to-bedrock.html . | |||||
| CVE-2024-43931 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2024-09-13 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3. | |||||
| CVE-2024-41874 | 1 Adobe | 1 Coldfusion | 2024-09-13 | N/A | 9.8 CRITICAL |
| ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by providing crafted input to the application, which when deserialized, leads to execution of malicious code. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-29847 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 9.8 CRITICAL |
| Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | |||||
| CVE-2023-46227 | 1 Apache | 1 Inlong | 2024-09-12 | N/A | 7.5 HIGH |
| Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8814 | |||||
| CVE-2024-28074 | 1 Solarwinds | 1 Access Rights Manager | 2024-09-10 | N/A | 9.8 CRITICAL |
| It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability. | |||||
| CVE-2022-34268 | 1 Rws | 1 Worldserver | 2024-09-09 | N/A | 9.8 CRITICAL |
| An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host. | |||||
| CVE-2024-8255 | 1 Deltaww | 1 Dtn Soft | 2024-09-06 | N/A | 9.8 CRITICAL |
| Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability. | |||||
| CVE-2024-43242 | 1 Wpindeed | 1 Ultimate Membership Pro | 2024-09-06 | N/A | 10.0 CRITICAL |
| Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object Injection.This issue affects Ultimate Membership Pro: from n/a through 12.6. | |||||
| CVE-2023-46817 | 1 Phpfox | 1 Phpfox | 2024-09-06 | N/A | 9.8 CRITICAL |
| An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code. | |||||
| CVE-2023-47204 | 1 Toumorokoshi | 1 Transmute-core | 2024-09-06 | N/A | 9.8 CRITICAL |
| Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code. | |||||