CVE & Exploit Intelligence Database

CVE-2018-1000824 9.8 CRITICAL EPSS 0.02

MegaMek version < v0.45.1 contains a Other/Unknown vulnerability in Object Stream Connection that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.

CWE-502 Dec 20, 2018

CVE-2018-20148 9.8 CRITICAL 1 PoC Analysis EPSS 0.55

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php.

CWE-502 Dec 14, 2018

CVE-2018-1904 8.1 HIGH EPSS 0.01

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. IBM X-Force ID: 152533.

CWE-502 Dec 11, 2018

CVE-2018-1000861 9.8 CRITICAL KEV RANSOMWARE 2 PoCs Analysis NUCLEI EPSS 0.94

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.

CWE-502 Dec 10, 2018

CVE-2018-16476 7.5 HIGH EPSS 0.01

A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.

CWE-284 Nov 30, 2018

CVE-2018-18987 8.8 HIGH EPSS 0.01

VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution.

CWE-502 Nov 30, 2018

CVE-2018-19499 7.2 HIGH EPSS 0.02

Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.

CWE-502 Nov 23, 2018

CVE-2018-19396 7.5 HIGH EPSS 0.02

ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.

CWE-502 Nov 20, 2018

CVE-2018-19274 7.2 HIGH EPSS 0.14

Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.

CWE-502 Nov 17, 2018

CVE-2018-19296 8.8 HIGH EPSS 0.01

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.

CWE-502 Nov 16, 2018

CVE-2018-15381 9.8 CRITICAL EPSS 0.28

A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.

CWE-502 Nov 08, 2018

CVE-2018-8021 9.8 CRITICAL 2 PoCs Analysis EPSS 0.70

Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.

CWE-502 Nov 07, 2018

CVE-2018-1851 7.3 HIGH EPSS 0.04

IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code. IBM X-Force ID: 150999.

CWE-502 Oct 31, 2018

CVE-2018-15686 7.8 HIGH 2 PoCs Analysis EPSS 0.02

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.

CWE-502 Oct 26, 2018

CVE-2018-18013 7.8 HIGH EPSS 0.00

* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.

CWE-502 Oct 24, 2018

CVE-2018-18628 9.8 CRITICAL EPSS 0.04

An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the object types. An attacker can create a malicious object, base64 encode it, and place it in the PIPPO_SESSION field of a cookie. Sending this cookie may lead to remote code execution.

CWE-502 Oct 23, 2018

CVE-2018-18589 6.3 MEDIUM EPSS 0.01

A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code.

CWE-502 Oct 23, 2018

CVE-2018-15616 9.0 CRITICAL EPSS 0.04

A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2.

CWE-502 Oct 17, 2018

CVE-2018-3245 9.8 CRITICAL 4 PoCs Analysis EPSS 0.90

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CWE-502 Oct 17, 2018

CVE-2018-18240 9.8 CRITICAL EPSS 0.03

Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling.

CWE-502 Oct 11, 2018