Total
2118 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26153 | 1 Geokit | 1 Geokit-rails | 2024-11-21 | N/A | 8.3 HIGH |
| Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value. **Note:** An attacker can use this vulnerability to execute commands on the host system. | |||||
| CVE-2023-25770 | 1 Honeywell | 2 C300, C300 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2023-25558 | 1 Datahub Project | 1 Datahub | 2024-11-21 | N/A | 7.5 HIGH |
| DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the `id_token` is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the id_token claims value start with the {#sb64} prefix, pac4j considers the value to be a serialized Java object and will deserialize it. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. Users are advised to upgrade. There are no known workarounds. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-086. | |||||
| CVE-2023-24971 | 1 Ibm | 2 B2b Advanced Communications, Multi-enterprise Integration Gateway | 2024-11-21 | N/A | 7.5 HIGH |
| IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID: 246976. | |||||
| CVE-2023-24621 | 1 Esotericsoftware | 1 Yamlbeans | 2024-11-21 | N/A | 7.8 HIGH |
| An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed. | |||||
| CVE-2023-23930 | 1 Vantage6 | 1 Vantage6 | 2024-11-21 | N/A | 5.5 MEDIUM |
| vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version 4.0.0 contains a patch. Users may specify JSON serialization as a workaround. | |||||
| CVE-2023-23836 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 7.2 HIGH |
| SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2023-23649 | 2024-11-21 | N/A | 8.1 HIGH | ||
| Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1. | |||||
| CVE-2023-23638 | 1 Apache | 1 Dubbo | 2024-11-21 | N/A | 5.0 MEDIUM |
| A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions. | |||||
| CVE-2023-21779 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | N/A | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2023-21762 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A | 8.0 HIGH |
| Microsoft Exchange Server Spoofing Vulnerability | |||||
| CVE-2023-21745 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A | 8.0 HIGH |
| Microsoft Exchange Server Spoofing Vulnerability | |||||
| CVE-2023-21744 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2023-21713 | 1 Microsoft | 1 Sql Server | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-21710 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A | 7.2 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2023-21707 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2023-21706 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2023-21703 | 1 Microsoft | 2 Azure Data Box Gateway, Azure Stack Edge | 2024-11-21 | N/A | 6.5 MEDIUM |
| Azure Data Box Gateway Remote Code Execution Vulnerability | |||||
| CVE-2023-21568 | 1 Microsoft | 2 Sql Server 2019 Integration Services, Sql Server 2022 Integration Services | 2024-11-21 | N/A | 7.3 HIGH |
| Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability | |||||
| CVE-2023-21538 | 2 Fedoraproject, Microsoft | 3 Fedora, .net, Powershell | 2024-11-21 | N/A | 7.5 HIGH |
| .NET Denial of Service Vulnerability | |||||