
87 matches found

Tenable Nessus
added 2016/02/29 12:0 a.m., 170 views

Jenkins < 1.642.2 / 1.650 Java Object Deserialization RCE

The Jenkins web server running on the remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Groovy library, specifically the runtime.MethodClosure class. An unauthenticated, remote attacker can exploit this, via a...

9 CVSS | 7.8 AI score | 0.90556 EPSS
Exploits 23 | References 4

Tenable Nessus
added 2016/02/17 12:0 a.m., 242 views

Lexmark Markvision Enterprise Java Object Deserialization RCE

The remote Lexmark Markvision Enterprise server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit this, by sending a specially crafted...

8.8 CVSS | 9.3 AI score | 0.00856 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2016/02/03 12:0 a.m., 30 views

HP Operations Manager for Windows 8.x and 9.0 Java Object Deserialization RCE

The version of HP Operations Manager installed on the remote host has the Sam Admin Adapter installed. This package is no longer supported by HP and is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collectio...

10 CVSS | 9.2 AI score | 0.03233 EPSS
Exploits 0 | References 2

CNVD
added 2015/12/20 12:0 a.m., 2 views

Apache Camel Java Object Deserialization Vulnerability

Apache Camel is an open source integration framework based on known enterprise-class integration models. In a Camel router, if camel-jetty or camel-servlet is used as a consumer, Camel will automatically deserialize HTTP requests that use content-header: application/x-java-serialized-object, remo...

8.1 CVSS | 9.3 AI score | 0.06832 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2015/12/16 12:0 a.m., 65 views

Apache ActiveMQ 5.x < 5.13.0 Java Object Deserialization RCE

The version of Apache ActiveMQ running on the remote host is 5.x prior to 5.13.0. It is, therefore, affected by a remote code execution vulnerability in the broker due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated,...

9.8 CVSS | 8.7 AI score | 0.8038 EPSS
Exploits 4 | References 3

Tenable Nessus
added 2015/11/23 12:0 a.m., 1763 views

Oracle WebLogic Java Object Deserialization RCE

The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the WLS Security component due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit this to execute...

9.8 CVSS | 8.6 AI score | 0.92947 EPSS
Exploits 16 | References 3

Veracode
added 2015/11/09 7:34 p.m., 88 views

Potential Remote Code Execution Via Java Object Deserialization

Apache Commons includes a class called InvokerTransformer. An application is vulnerable to a deserialization attack if this class is available on the classpath and the application deserializes untrusted or user-supplied data. It's not necessary to actually use InvokerTransformer to be vulnerable...

10 CVSS | 9.7 AI score | 0.93274 EPSS
Exploits 33 | References 24 | Affected Software 6