Vulnerabilities (CVE)

37479 total CVE
CVE Vendors Products Updated CVSS
CVE-2014-0114 1 Apache 2 Commons Beanutils, Struts 2019-05-25 7.5
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers...
CVE-2018-19362 3 Fasterxml, Debian, Oracle 7 Jackson-databind, Debian Linux, Business Process Management Suite and 4 more 2019-05-25 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
CVE-2018-19361 3 Fasterxml, Debian, Oracle 7 Jackson-databind, Debian Linux, Business Process Management Suite and 4 more 2019-05-25 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
CVE-2018-19360 3 Fasterxml, Debian, Oracle 7 Jackson-databind, Debian Linux, Business Process Management Suite and 4 more 2019-05-25 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
CVE-2018-14721 3 Fasterxml, Debian, Oracle 11 Jackson-databind, Debian Linux, Banking Platform and 8 more 2019-05-25 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
CVE-2018-14720 3 Fasterxml, Debian, Oracle 11 Jackson-databind, Debian Linux, Banking Platform and 8 more 2019-05-25 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
CVE-2018-14719 3 Fasterxml, Debian, Oracle 10 Jackson-databind, Debian Linux, Banking Platform and 7 more 2019-05-25 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
CVE-2018-14718 3 Fasterxml, Debian, Oracle 10 Jackson-databind, Debian Linux, Banking Platform and 7 more 2019-05-25 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVE-2019-11831 2019-05-25 7.5
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a...
CVE-2019-11328 1 Sylabs 1 Singularity 2019-05-25 9.0
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2: a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within...
CVE-2019-0708 1 Microsoft 2 Windows 7, Windows Server 2008 2019-05-24 10.0
A remote code execution vulnerability exists in Remote Desktop Services, formerly known as Terminal Services, when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop...
CVE-2016-8899 1 Exponentcms 1 Exponent Cms 2019-05-24 7.5
Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.
CVE-2016-8897 1 Exponentcms 1 Exponent Cms 2019-05-24 7.5
Exponent CMS version 2.3.9 suffers from a SQL injection vulnerability in framework/modules/help/controllers/helpController.php.
CVE-2017-11365 1 Sensiolabs 1 Symfony 2019-05-24 7.5
Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.
CVE-2019-7088 1 Adobe 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more 2019-05-24 10.0
Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary...
CVE-2019-7027 1 Adobe 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more 2019-05-24 10.0
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to...
CVE-2018-7780 2019-05-24 7.5
In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exists in cgi program "set".
CVE-2019-10854 1 Computrols 1 Computrols Building Automation Software 2019-05-24 9.0
Computrols CBAS 18.0.0 allows Authenticated Command Injection.
CVE-2019-10850 1 Computrols 1 Computrols Building Automation Software 2019-05-24 10.0
Computrols CBAS 18.0.0 has Default Credentials.
CVE-2019-11873 1 Wolfssl 1 Wolfssl 2019-05-24 7.5
wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields...