Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
deserialization vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-15811
DNN (aka DotNetNuke) 9.2 up to and including 9.2.1 uses a weak encryption algorithm to protect input parameters.
Dnnsoftware Dotnetnuke
9.8
CVSSv3
CVE-2016-3642
The RMI service in SolarWinds Virtualization Manager 6.3.1 and previous versions allows remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Solarwinds Virtualization Manager
9.8
CVSSv3
CVE-2015-7450
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the ...
Ibm Tivoli Common Reporting 3.1.2
Ibm Tivoli Common Reporting 3.1.0.2
Ibm Tivoli Common Reporting 3.1.0.1
Ibm Tivoli Common Reporting 3.1
Ibm Tivoli Common Reporting 3.1.2.1
Ibm Tivoli Common Reporting 2.1
Ibm Tivoli Common Reporting 2.1.1.2
Ibm Tivoli Common Reporting 2.1.1
1 EDB exploit
9.8
CVSSv3
CVE-2015-5254
Apache ActiveMQ 5.x prior to 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote malicious users to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
Redhat Openshift 2.0
Apache Activemq 5.3.0
Apache Activemq 5.11.1
Apache Activemq 5.8.0
Apache Activemq 5.4.3
Apache Activemq 5.4.0
Apache Activemq 5.5.1
Apache Activemq 5.12.0
Apache Activemq 5.4.1
Apache Activemq 5.9.0
Apache Activemq 5.11.2
Apache Activemq 5.11.0
Apache Activemq 5.3.1
Apache Activemq 5.2.0
Apache Activemq 5.7.0
Apache Activemq 5.0.0
Apache Activemq 5.12.1
Apache Activemq 5.10.1
Apache Activemq 5.10.0
Apache Activemq 5.1.0
Apache Activemq 5.5.0
Apache Activemq 5.3.2
4 Github repositories
NA
CVE-2018-1705717
TCPDF versions 6.2.19 and below suffer from a deserialization vulnerability that can allow for remote code execution.
9.8
CVSSv3
CVE-2021-23758
All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution.
Ajaxpro.2 Project Ajaxpro.2
1 Github repository
9.8
CVSSv3
CVE-2020-27131
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote malicious user to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-suppli...
Cisco Security Manager
9.8
CVSSv3
CVE-2021-24040
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.
Facebook Parlai
9.8
CVSSv3
CVE-2019-17556
Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running attacker's code in t...
Apache Olingo
9.8
CVSSv3
CVE-2019-12630
A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote malicious user to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affe...
Cisco Security Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »