Vulmon
deserialization vulnerabilities and exploits
9.8
CVSSv3
CVE-2019-17556
Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running attacker's code in t...
Apache Olingo
9.8
CVSSv3
CVE-2019-12630
A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote malicious user to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affe...
Cisco Security Manager
NA
CVE-2018-1705717
TCPDF versions 6.2.19 and below suffer from a deserialization vulnerability that can allow for remote code execution.
9.8
CVSSv3
CVE-2015-7450
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the ...
IBM Tivoli Common Reporting 3.1.2
IBM Tivoli Common Reporting 3.1.0.2
IBM Tivoli Common Reporting 3.1.0.1
IBM Tivoli Common Reporting 3.1
IBM Tivoli Common Reporting 3.1.2.1
IBM Tivoli Common Reporting 2.1
IBM Tivoli Common Reporting 2.1.1.2
IBM Tivoli Common Reporting 2.1.1
1 EDB exploit
NA
CVE-2024-20542
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. Version 4.50 is affected.
8.8
CVSSv3
CVE-2022-20763
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote malicious user to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit thi...
Cisco Webex Meetings Online Wbs42.2.1-1
7.5
CVSSv3
CVE-2018-15811
DNN (aka DotNetNuke) 9.2 up to and including 9.2.1 uses a weak encryption algorithm to protect input parameters.
Dnnsoftware Dotnetnuke
9.8
CVSSv3
CVE-2020-27131
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote malicious user to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-suppli...
Cisco Security Manager
9.8
CVSSv3
CVE-2015-5254
Apache ActiveMQ 5.x prior to 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote malicious users to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
Red Hat OpenShift 2.0
Apache ActiveMQ 5.3.0
Apache ActiveMQ 5.11.1
Apache ActiveMQ 5.8.0
Apache ActiveMQ 5.4.3
Apache ActiveMQ 5.4.0
Apache ActiveMQ 5.5.1
Apache ActiveMQ 5.12.0
Apache ActiveMQ 5.4.1
Apache ActiveMQ 5.9.0
Apache ActiveMQ 5.11.2
Apache ActiveMQ 5.11.0
Apache ActiveMQ 5.3.1
Apache ActiveMQ 5.2.0
Apache ActiveMQ 5.7.0
Apache ActiveMQ 5.0.0
Apache ActiveMQ 5.12.1
Apache ActiveMQ 5.10.1
Apache ActiveMQ 5.10.0
Apache ActiveMQ 5.1.0
Apache ActiveMQ 5.5.0
Apache ActiveMQ 5.3.2
3 Github repositories
5.7
CVSSv3
CVE-2023-36777
Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server 2016
Microsoft Exchange Server 2019