CVE & Exploit Intelligence Database

CVE-2020-4305 8.8 HIGH EPSS 0.01

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677.

CWE-502 Jul 09, 2020

CVE-2020-14172 9.8 CRITICAL EPSS 0.05

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center in affected versions allowed remote attackers to achieve remote code execution via insecure deserialization, if they were able to exploit a server side template injection vulnerability. The affected versions are before version 7.13.0, from version 8.0.0 before 8.5.0, and from version 8.6.0 before version 8.8.1.

CWE-502 Jul 03, 2020

CVE-2020-2211 8.8 HIGH EPSS 0.01

Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.

CWE-502 Jul 02, 2020

CVE-2013-7489 6.8 MEDIUM EPSS 0.00

The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution.

CWE-502 Jun 26, 2020

CVE-2020-10740 6.6 MEDIUM EPSS 0.00

A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly.

CWE-502 Jun 22, 2020

CVE-2020-14942 9.8 CRITICAL EPSS 0.00

Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.

CWE-502 Jun 21, 2020

CVE-2020-14933 8.8 HIGH EPSS 0.01

compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup or __destruct), and any attack-relevant classes must be declared before unserialize is called (or must be autoloaded).

CWE-502 Jun 20, 2020

CVE-2020-14932 9.8 CRITICAL EPSS 0.00

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.

CWE-502 Jun 20, 2020

CVE-2020-8165 9.8 CRITICAL 8 PoCs Analysis EPSS 0.90

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

CWE-502 Jun 19, 2020

CVE-2020-8164 7.5 HIGH EPSS 0.07

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.

CWE-502 Jun 19, 2020

CVE-2020-14195 8.1 HIGH 3 PoCs Analysis EPSS 0.10

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).

CWE-502 Jun 16, 2020

CVE-2020-14060 8.1 HIGH 2 PoCs Analysis EPSS 0.09

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).

CWE-502 Jun 14, 2020

CVE-2020-14062 8.1 HIGH 2 PoCs Analysis EPSS 0.08

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).

CWE-502 Jun 14, 2020

CVE-2020-14061 8.1 HIGH 2 PoCs Analysis EPSS 0.06

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).

CWE-502 Jun 14, 2020

CVE-2020-5411 8.1 HIGH EPSS 0.01

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means that through the previous exploit, arbitrary code could be executed if all of the following is true: * Spring Batch's Jackson support is being leveraged to serialize a job's ExecutionContext. * A malicious user gains write access to the data store used by the JobRepository (where the data to be deserialized is stored). In order to protect against this type of attack, Jackson prevents a set of untrusted gadget classes from being deserialized. Spring Batch should be proactive against blocking unknown "deserialization gadgets" when enabling default typing.

CWE-502 Jun 11, 2020

CVE-2020-0132 5.5 MEDIUM EPSS 0.00

In BnAAudioService::onTransact of IAAudioService.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139473816

CWE-502 Jun 11, 2020

CVE-2020-4043 7.7 HIGH 1 Writeup EPSS 0.02

phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Uploading a specially crafted file to an affected version allows arbitrary code execution (discovered, tested, and confirmed by myself), so the risk factor should be regarded as very high. Newer phpMussel versions don't use PHP's phar wrapper, and are therefore unaffected. This has been fixed in version 1.6.0.

CWE-502 Jun 10, 2020

CVE-2020-12000 7.5 HIGH EPSS 0.00

The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.

CWE-502 Jun 09, 2020

CVE-2020-10644 7.5 HIGH 1 PoC Analysis EPSS 0.21

The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.

CWE-502 Jun 09, 2020

CVE-2020-4450 9.8 CRITICAL EXPLOITED 1 PoC Analysis EPSS 0.72

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231.

CWE-502 Jun 05, 2020