CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked; 53,274 with exploits; 4,730 exploited in wild; 1,542 CISA KEV; 3,929 Nuclei templates; 37,826 vendors; 42,563 researchers
2,435 results
CVE-2019-4561 8.8 HIGH EPSS 0.02
IBM Security Identity Manager 6.0.0 - Code Injection
IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 166456.
CWE-502 Nov 20, 2019
CVE-2019-1373 9.8 CRITICAL EPSS 0.10
Microsoft Exchange - RCE
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.
CWE-502 Nov 12, 2019
CVE-2019-8141 7.2 HIGH EPSS 0.02
Magento < 2.1.19 - Insecure Deserialization
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with administrative privileges (system level import) can execute arbitrary code through a Phar deserialization vulnerability in the import functionality.
CWE-502 Nov 06, 2019
CVE-2019-18631 7.8 HIGH EPSS 0.01
Centrify Authentication and Privilege Elevation Services <3.6.0 - RCE
The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows attackers to execute arbitrary code inside the Centrify process via (1) a crafted application that makes a pipe connection to the process and sends malicious serialized data or (2) a crafted Microsoft Management Console snap-in control file.
CWE-502 Nov 05, 2019
CVE-2019-18364 9.8 CRITICAL EPSS 0.00
Jetbrains Teamcity < 2019.1.4 - Insecure Deserialization
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
CWE-502 Oct 31, 2019
CVE-2019-18601 7.5 HIGH EPSS 0.01
OpenAFS <1.6.24, <1.8.x-1.8.5 - DoS
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.
CWE-502 Oct 29, 2019
CVE-2019-12017 9.8 CRITICAL EPSS 0.03
MapR CLDB - RCE
A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON framework that is used in the CLDB code that handles login and ticket issuance. An attacker can use the 'class' property of the JSON request sent to the CLDB to influence the JSON library's decision on which Java class this JSON request is deserialized to. By doing so, the attacker can force the MapR CLDB to construct a URLClassLoader which loads a malicious Java class from a remote path and instantiate this object in the MapR CLDB, thus executing arbitrary code on the machine running the MapR CLDB and taking over the cluster. By switching to the newer Jackson library and ensuring that all incoming JSON requests are only deserialized to the same class that they were serialized from, the vulnerability is fixed. This vulnerability affects the entire MapR core platform.
CWE-502 Oct 24, 2019
CVE-2019-13116 9.8 CRITICAL EPSS 0.02
Mulesoft Mule Runtime < 3.8.0 - Insecure Deserialization
The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections.
CWE-502 Oct 16, 2019
CVE-2019-17531 9.8 CRITICAL 2 PoCs Analysis EPSS 0.01
Fasterxml Jackson-databind < 2.6.7.3 - Insecure Deserialization
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.
CWE-502 Oct 12, 2019
CVE-2019-17267 9.8 CRITICAL 2 PoCs Analysis EPSS 0.01
Fasterxml Jackson-databind < 2.8.11.5 - Insecure Deserialization
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
CWE-502 Oct 07, 2019
CVE-2019-17206 9.8 CRITICAL EPSS 0.01
Redis Wrapper < 0.3.0 - Insecure Deserialization
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts.
CWE-502 Oct 05, 2019
CVE-2019-16891 9.8 CRITICAL 1 PoC Analysis EPSS 0.80
Liferay Portal CE 6.2.5 - Code Injection
Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.
CWE-502 Oct 04, 2019
CVE-2019-12630 9.8 CRITICAL EPSS 0.08
Cisco Security Manager < 4.18 - Insecure Deserialization
A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of casuser.
CWE-502 Oct 02, 2019
CVE-2019-17080 7.8 HIGH 3 PoCs Analysis EPSS 0.11
Linuxmint Mintinstall - Insecure Deserialization
mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. This is resolved in 8.0.0 and backports.
CWE-502 Oct 02, 2019
CVE-2019-16943 9.8 CRITICAL 2 PoCs Analysis EPSS 0.02
Fasterxml Jackson-databind < 2.6.7.3 - Insecure Deserialization
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
CWE-502 Oct 01, 2019
CVE-2019-16942 9.8 CRITICAL 2 PoCs Analysis EPSS 0.00
Fasterxml Jackson-databind < 2.6.7.3 - Insecure Deserialization
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
CWE-502 Oct 01, 2019
CVE-2019-10202 9.8 CRITICAL EPSS 0.07
Codehaus 1.9.x - Use After Free
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
CWE-502 Oct 01, 2019
CVE-2019-9373 5.5 MEDIUM EPSS 0.00
JobStore - DoS
In JobStore, there is a mismatched serialization/deserialization for the "battery-not-low" job attribute. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-130173029.
CWE-502 Sep 27, 2019
CVE-2019-9365 9.8 CRITICAL EPSS 0.01
Android - Deserialization
In Bluetooth, there is a possible deserialization error due to missing string validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-109838537.
CWE-502 Sep 27, 2019
CVE-2019-16894 9.8 CRITICAL 1 PoC Analysis EPSS 0.01
inoERP <4.15 - SQL Injection
download.php in inoERP 4.15 allows SQL injection through insecure deserialization.
CWE-502 Sep 26, 2019