Total: 1329 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-50219 | | | 2024-06-04 | N/A |
Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the RunQuery class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21625. | ||||
CVE-2023-50220 | | | 2024-06-04 | N/A |
Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Base64Element class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21801. | ||||
CVE-2020-36182 | 4 Debian, Fasterxml, Netapp and 1 more | 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more | 2024-06-04 | 8.1 High |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. | ||||
CVE-2020-36184 | 4 Debian, Fasterxml, Netapp and 1 more | 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more | 2024-06-04 | 8.1 High |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. | ||||
CVE-2020-36179 | 4 Debian, Fasterxml, Netapp and 1 more | 43 Debian Linux, Jackson-databind, Cloud Backup and 40 more | 2024-06-04 | 8.1 High |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. | ||||
CVE-2020-36180 | 4 Debian, Fasterxml, Netapp and 1 more | 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more | 2024-06-04 | 8.1 High |
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. | ||||
CVE-2020-11111 | 4 Debian, Fasterxml, Netapp and 1 more | 25 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 22 more | 2024-06-04 | 8.8 High |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). | ||||
CVE-2020-11113 | 4 Debian, Fasterxml, Netapp and 1 more | 32 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 29 more | 2024-06-04 | 8.8 High |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). | ||||
CVE-2020-11112 | 4 Debian, Fasterxml, Netapp and 1 more | 31 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 28 more | 2024-06-04 | 8.8 High |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). | ||||
CVE-2024-37057 | | | 2024-06-04 | 8.8 High |
Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded TensorFlow model to run arbitrary code on an end user's system when interacted with. | ||||
CVE-2024-37064 | | | 2024-06-04 | 7.8 High |
Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded. | ||||
CVE-2024-3301 | | | 2024-05-30 | 8.5 High |
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution. | ||||
CVE-2022-41082 | 1 Microsoft | 1 Exchange Server | 2024-05-29 | 8.0 High |
Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
CVE-2023-38155 | 1 Microsoft | 1 Azure Devops Server | 2024-05-29 | 8.1 High |
Azure DevOps Server Remote Code Execution Vulnerability | ||||
CVE-2023-36777 | 1 Microsoft | 1 Exchange Server | 2024-05-29 | 5.7 Medium |
Microsoft Exchange Server Information Disclosure Vulnerability | ||||
CVE-2023-36757 | 1 Microsoft | 1 Exchange Server | 2024-05-29 | 8.0 High |
Microsoft Exchange Server Spoofing Vulnerability | ||||
CVE-2023-36756 | 1 Microsoft | 1 Exchange Server | 2024-05-29 | 8.0 High |
Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
CVE-2023-36745 | 1 Microsoft | 1 Exchange Server | 2024-05-29 | 8.0 High |
Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
CVE-2023-36744 | 1 Microsoft | 1 Exchange Server | 2024-05-29 | 8.0 High |
Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
CVE-2023-36736 | 1 Microsoft | 1 Identity Linux Broker | 2024-05-29 | 4.4 Medium |
Microsoft Identity Linux Broker Remote Code Execution Vulnerability |