341 matches found
CVE-2021-34371
Neo4j through 3.4.18 with the shell server enabled exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...
VulnCheck KEV: CVE-2017-9844
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer...
CVE-2025-32408
In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled...
Linux Distros Unpatched Vulnerability : CVE-2023-37895
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI. Versions up to (including)...
Linux Distros Unpatched Vulnerability : CVE-2015-7501
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid JDG 6.x; Data Virtualization JDV 6.x and 5.x; Enterprise Application Platform 6.x, 5.x,...
CVE-2023-37895
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI. Versions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contains a class that can be used for remote...
CVE-2020-15252
In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. This is...
RHEL 5 : xmlrpc (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xmlrpc: XML external entity vulnerability SSRF via a crafted DTD (CVE-2016-5002) - xmlrpc: Deserialization ...
CVE-2024-3967
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using unsafe Java object deserialization...
CVE-2024-3967 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using unsafe Java object deserialization...
CVE-2024-3967
The CVE-2024-3967 entry concerns OpenText iManager 3.2.6.0200, where a vulnerability in unsafe Java object deserialization can lead to Remote Code Execution. Documented impact is High/CRITICAL per CVSS, with potential for execution without user interaction over NETWORK (NVD metrics) and adjacent ...
PT-2024-28609 · Opentext · Opentext Imanager
Name of the Vulnerable Software and Affected Versions: OpenText iManager version 3.2.6.0200 Description: A remote code execution issue has been discovered, which can trigger remote code execution using unsafe Java object deserialization. Recommendations: For OpenText iManager version 3.2.6.0200, ...
RHEL 7 : xmlrpc (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xmlrpc: XML external entity vulnerability SSRF via a crafted DTD (CVE-2016-5002) - xmlrpc: Deserialization ...
VulnCheck KEV: CVE-2019-17564
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...
Remote Code Execution (RCE)
jenkins-core is vulnerable to Remote Code Execution. The vulnerability is due to unsafe deserialization of Java objects. This flaw allows attackers to execute arbitrary code via a crafted serialized Java object, which could trigger an LDAP query to a third-party server...
Insecure Deserialization
nGrinder is vulnerable to Insecure Deserialization. The vulnerability is caused due to a lack of proper input filtering during Java object deserialization within Connector.java. Specifically, unauthenticated users could submit serialized Java objects, leading to the potential execution of arbitra...
Fedora: Security Advisory for jol (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
CVE-2024-28213
nGrinder before 3.5.9 accepts serialized Java objects from unauthenticated users, which could allow a remote attacker to execute arbitrary code via unsafe Java object deserialization...
GLSA-202401-26 : Apache XML-RPC: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-26 (Apache XML-RPC: Multiple Vulnerabilities) - XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forger...