Vulnerabilities (CVE)

CWE filter: CWE-184

6 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2018-5968 | Vendors (3): Fasterxml, Redhat, Debian | Products (4): Jackson-databind, Virtualization, Virtualization Host and 1 more | Updated: 2019-08-29 | CVSS: 5.1
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different...
CVE-2018-7489 | Vendors (4): Fasterxml, Debian, Oracle and 1 more | Products (5): Jackson-databind, Debian Linux, Communications Billing And Revenue Management and 2 more | Updated: 2019-08-22 | CVSS: 7.5
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending...
CVE-2019-9212 | Vendors (1): Antfin | Products (1): Sofa-hessian | Updated: 2019-06-28 | CVSS: 7.5
** DISPUTED ** SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is...
CVE-2018-6383 | Vendors (1): Monstra | Products (1): Monstra | Updated: 2018-02-21 | CVSS: 6.5
Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by...
CVE-2015-5946 | Vendors (1): Sugarcrm | Products (1): Sugarcrm | Updated: 2017-08-15 | CVSS: 4.6
Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.
CVE-2016-6189 | Vendors (1): Inverse-inc | Products (1): Sogo | Updated: 2017-02-22 | CVSS: 4.0
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.