Total
1658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49297 | 1 Iterative | 1 Pydrive2 | 2023-12-16 | N/A | 7.8 HIGH |
| PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserilization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, or if it is loaded in via `LoadSettingsFile`. This is a deserilization attack that will affect any user who initializes GoogleAuth from this package while a malicious yaml file is present in the same directory. This vulnerability does not require the file to be directly loaded through the code, only present. This issue has been addressed in commit `c57355dc` which is included in release version `1.16.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-50252 | 1 Dompdf | 1 Php-svg-lib | 2023-12-15 | N/A | 9.8 CRITICAL |
| php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `<use>` tag that references an `<image>` tag, it merges the attributes from the `<use>` tag to the `<image>` tag. The problem pops up especially when the `href` attribute from the `<use>` tag has not been sanitized. This can lead to an unsafe file read that can cause PHAR Deserialization vulnerability in PHP prior to version 8. Version 0.5.1 contains a patch for this issue. | |||||
| CVE-2023-45672 | 1 Frigate | 1 Frigate | 2023-12-13 | N/A | 7.5 HIGH |
| Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at `/config` or through a direct call to `/api/config/save`. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. Input is initially accepted through `http.py`. The user-provided input is then parsed and loaded by `load_config_with_no_duplicates`. However, `load_config_with_no_duplicates` does not sanitize this input by merit of using `yaml.loader.Loader` which can instantiate custom constructors. A provided payload will be executed directly at `frigate/util/builtin.py:110`. This issue may lead to pre-authenticated Remote Code Execution. Version 0.13.0 Beta 3 contains a patch. | |||||
| CVE-2023-46674 | 1 Elastic | 1 Elasticsearch | 2023-12-12 | N/A | 7.8 HIGH |
| An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue. | |||||
| CVE-2023-48967 | 1 Noear | 1 Solon | 2023-12-07 | N/A | 9.8 CRITICAL |
| Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untrusted Data. | |||||
| CVE-2020-23653 | 1 Thinkadmin | 1 Thinkadmin | 2023-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution. | |||||
| CVE-2023-48887 | 1 Fengjiachun | 1 Jupiter | 2023-12-06 | N/A | 9.8 CRITICAL |
| A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request. | |||||
| CVE-2023-47207 | 1 Deltaww | 1 Infrasuite Device Master | 2023-12-06 | N/A | 9.8 CRITICAL |
| In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges. | |||||
| CVE-2022-0538 | 1 Jenkins | 1 Jenkins | 2023-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage. | |||||
| CVE-2023-46990 | 1 Publiccms | 1 Publiccms | 2023-11-28 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. | |||||
| CVE-2023-44353 | 1 Adobe | 1 Coldfusion | 2023-11-23 | N/A | N/A |
| Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | |||||
| CVE-2021-21677 | 1 Jenkins | 1 Code Coverage Api | 2023-11-22 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability. | |||||
| CVE-2021-23895 | 1 Mcafee | 1 Database Security | 2023-11-15 | 9.0 HIGH | 8.0 HIGH |
| Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server. | |||||
| CVE-2021-23894 | 1 Mcafee | 1 Database Security | 2023-11-15 | 10.0 HIGH | 8.8 HIGH |
| Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server. | |||||
| CVE-2021-23758 | 1 Ajaxpro.2 Project | 1 Ajaxpro.2 | 2023-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution. | |||||
| CVE-2023-1714 | 1 Bitrix24 | 1 Bitrix24 | 2023-11-09 | N/A | 8.8 HIGH |
| Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization. | |||||
| CVE-2023-47174 | 1 Thorntech | 2 Sftp Gateway, Sftp Gateway Firmware | 2023-11-08 | N/A | 9.8 CRITICAL |
| Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution. | |||||
| CVE-2023-4402 | 1 Wpdeveloper | 2 Essential Blocks, Essential Blocks Pro | 2023-11-07 | N/A | 9.8 CRITICAL |
| The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | |||||
| CVE-2023-4386 | 1 Wpdeveloper | 1 Essential Blocks | 2023-11-07 | N/A | 8.1 HIGH |
| The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | |||||
| CVE-2023-34347 | 1 Deltaww | 1 Infrasuite Device Master | 2023-11-07 | N/A | 9.8 CRITICAL |
| ?Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code. | |||||