CVE & Exploit Intelligence Database

CVE-2017-12556 9.8 CRITICAL EPSS 0.52

A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.

CWE-502 Feb 15, 2018

CVE-2016-8519 9.8 CRITICAL EPSS 0.58

A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found.

CWE-502 Feb 15, 2018

CVE-2016-8511 9.8 CRITICAL EPSS 0.18

A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found.

CWE-502 Feb 15, 2018

CVE-2017-15089 8.8 HIGH EPSS 0.02

It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.

CWE-502 Feb 15, 2018

CVE-2018-1000059 9.8 CRITICAL EPSS 0.00

ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form unserialize method that can result in Possible to execute unauthorised system commands remotely and disclose file contents in file system.

CWE-502 Feb 09, 2018

CVE-2018-1000058 8.8 HIGH EPSS 0.01

Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles.

CWE-502 Feb 09, 2018

CVE-2018-1000048 8.8 HIGH EPSS 0.01

NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution. This attack appear to be exploitable via Victim tries to retrieve and process a weather data file.

CWE-502 Feb 09, 2018

CVE-2018-1000047 8.8 HIGH EPSS 0.01

NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution. This attack appear to be exploitable via Victim opens an untrusted file for optimization using Kodiak library.

CWE-502 Feb 09, 2018

CVE-2018-1000046 7.8 HIGH EPSS 0.01

NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.4.

CWE-502 Feb 09, 2018

CVE-2018-1000045 7.8 HIGH EPSS 0.01

NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data) that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.1.

CWE-502 Feb 09, 2018

CVE-2016-3957 9.8 CRITICAL 1 PoC Analysis EPSS 0.13

The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key.

CWE-502 Feb 06, 2018

CVE-2017-7525 9.8 CRITICAL 7 PoCs Analysis EPSS 0.79

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

CWE-184 Feb 06, 2018

CVE-2017-15095 9.8 CRITICAL 2 PoCs Analysis EPSS 0.09

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.

CWE-184 Feb 06, 2018

CVE-2017-1000355 6.5 MEDIUM EPSS 0.00

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.

CWE-502 Jan 29, 2018

CVE-2017-1000353 9.8 CRITICAL KEV 7 PoCs Analysis NUCLEI EPSS 0.95

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.

CWE-502 Jan 29, 2018

CVE-2017-4947 9.8 CRITICAL EPSS 0.27

VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.

CWE-502 Jan 29, 2018

CVE-2017-15703 5.0 MEDIUM EPSS 0.00

Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

CWE-502 Jan 25, 2018

CVE-2018-1051 8.1 HIGH EPSS 0.01

It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.

CWE-502 Jan 25, 2018

CVE-2017-17406 9.8 CRITICAL EPSS 0.30

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within an exposed RMI registry, which listens on TCP ports 1800 and 1850 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Was ZDI-CAN-4753.

CWE-502 Jan 23, 2018

CVE-2018-5968 8.1 HIGH 2 PoCs Analysis EPSS 0.02

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.

CWE-184 Jan 22, 2018