CVE & Exploit Intelligence Database

CVE-2019-6340 8.1 HIGH KEV 16 PoCs Analysis NUCLEI EPSS 0.94

Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)

CWE-502 Feb 21, 2019

CVE-2019-7743 9.8 CRITICAL EPSS 0.01

An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files.

CWE-502 Feb 12, 2019

CVE-2019-1000005 8.8 HIGH EPSS 0.00

mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/ImageProcessor class that can result in Arbitry code execution, file write, etc.. This attack appears to be exploitable via attacker must host crafted image on victim server and trigger generation of pdf file with content <img src="phar://path/to/crafted/image">. This vulnerability appears to have been fixed in 7.1.8.

CWE-502 Feb 04, 2019

CVE-2019-6503 9.8 CRITICAL EPSS 0.00

There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method.

CWE-502 Jan 22, 2019

CVE-2019-6338 8.0 HIGH EPSS 0.01

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details

CWE-502 Jan 22, 2019

CVE-2018-20732 9.8 CRITICAL EPSS 0.03

SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.

CWE-502 Jan 17, 2019

CVE-2019-6446 9.8 CRITICAL 1 PoC Analysis EPSS 0.52

An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.

CWE-502 Jan 16, 2019

CVE-2018-20718 9.8 CRITICAL 1 PoC Analysis EPSS 0.09

In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of such a link.

CWE-502 Jan 15, 2019

CVE-2018-6162 8.8 HIGH EPSS 0.02

Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CWE-502 Jan 09, 2019

CVE-2018-19362 9.8 CRITICAL 2 PoCs Analysis EPSS 0.04

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.

CWE-502 Jan 02, 2019

CVE-2018-19361 9.8 CRITICAL 2 PoCs Analysis EPSS 0.02

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

CWE-502 Jan 02, 2019

CVE-2018-19360 9.8 CRITICAL 2 PoCs Analysis EPSS 0.07

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

CWE-502 Jan 02, 2019

CVE-2018-14720 9.8 CRITICAL 2 PoCs Analysis EPSS 0.03

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

CWE-502 Jan 02, 2019

CVE-2018-14719 9.8 CRITICAL 2 PoCs Analysis EPSS 0.03

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

CWE-502 Jan 02, 2019

CVE-2018-14718 9.8 CRITICAL 2 PoCs Analysis EPSS 0.15

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

CWE-502 Jan 02, 2019

CVE-2018-6331 9.8 CRITICAL 1 Writeup EPSS 0.01

Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01.

CWE-502 Dec 31, 2018

CVE-2018-1000888 8.8 HIGH 1 PoC Analysis EPSS 0.29

PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `phar://[path_to_malicious_phar_file]` as path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class itself. With Archive_Tar object injection, arbitrary file deletion can occur because `@unlink($this->_temp_tarname)` is called. If another class with useful gadget is loaded, it may possible to cause remote code execution that can result in files being deleted or possibly modified. This vulnerability appears to have been fixed in 1.4.4.

CWE-502 Dec 28, 2018

CVE-2018-1000833 9.8 CRITICAL EPSS 0.02

ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.

CWE-502 Dec 20, 2018

CVE-2018-1000832 9.8 CRITICAL EPSS 0.08

ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.

CWE-502 Dec 20, 2018

CVE-2018-1000827 9.8 CRITICAL EPSS 0.02

Ubilling version <= 0.9.2 contains a Other/Unknown vulnerability in user-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.

CWE-502 Dec 20, 2018