Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rpc vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2023-45146
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized obje...
Xxl-rpc Project Xxl-rpc
10
CVSSv3
CVE-2017-3623
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported versions that are affected see note. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to co...
Oracle Solaris
1 Article
9.9
CVSSv3
CVE-2012-1516
The VMX process in VMware ESXi 3.5 up to and including 4.1 and ESX 3.5 up to and including 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS vi...
Vmware Esx 4.0
Vmware Esx 4.1
Vmware Esx 3.5
Vmware Esxi 4.0
Vmware Esxi 4.1
Vmware Esxi 3.5
9.8
CVSSv3
CVE-2023-6943
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000...
Mitsubishielectric Fr Configurator2
Mitsubishielectric Mt Works2
Mitsubishielectric Gx Works3
Mitsubishielectric Mc Works64
Mitsubishielectric Mx Component
Mitsubishielectric Melsoft Navigator
Mitsubishielectric Gx Works2
Mitsubishielectric Got2000
Mitsubishielectric Got1000
Mitsubishielectric Ezsocket
9.8
CVSSv3
CVE-2023-36177
An issue exists in badaix Snapcast version 0.27.0, allows remote malicious users to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API.
Badaix Snapcast
9.8
CVSSv3
CVE-2024-23636
SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to versio...
Sofastack Sofarpc
9.8
CVSSv3
CVE-2023-51467
The vulnerability permits malicious users to circumvent authentication processes, enabling them to remotely execute arbitrary code
Apache Ofbiz
1 Metasploit module
18 Github repositories
1 Article
9.8
CVSSv3
CVE-2023-49070
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: prior to 18.12.10. Users are recommended to upgrade to version 18.12.10
Apache Ofbiz
15 Github repositories
1 Article
9.8
CVSSv3
CVE-2023-48886
A deserialization vulnerability in NettyRpc v1.2 allows malicious users to execute arbitrary commands via sending a crafted RPC request.
Luxiaoxun Nettyrpc 1.2
9.8
CVSSv3
CVE-2023-48887
A deserialization vulnerability in Jupiter v1.3.1 allows malicious users to execute arbitrary commands via sending a crafted RPC request.
Fengjiachun Jupiter 1.3.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »