EUVD-2018-0619

Malware in sbrugna...

PT-2025-28282 · Sap · Sap Netweaver Application Server For Java Log Viewer

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application server for Java affected versions not specified Description: A critical issue in the Log Viewer component enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitati...

CVE-2021-34371

Neo4j through 3.4.18 with the shell server enabled exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...

VulnCheck KEV: CVE-2017-9844

SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer...

CVE-2025-32408

In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled...

Linux Distros Unpatched Vulnerability : CVE-2023-37895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including...

Linux Distros Unpatched Vulnerability : CVE-2015-7501

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid JDG 6.x; Data Virtualization JDV 6.x and 5.x; Enterprise Application Platform 6.x, 5.x,...

CVE-2023-37895

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

The vulnerability of the application software interface of the Cisco Identity Services Engine (ISE) management platform, related to deficiencies in the data deserialization mechanism, allows a perpetrator to execute arbitrary commands.

The vulnerability of the application programming interface of the Cisco Identity Services Engine ISE management platform relates to deficiencies in the data deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending a specially craft...

CVE-2020-15252

In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right EDIT right before XWiki 7.4 can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. This is...

RHEL 5 : xmlrpc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xmlrpc: XML external entity vulnerability SSRF via a crafted DTD CVE-2016-5002 - xmlrpc: Deserialization ...

CVE-2024-3967

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization...

CVE-2024-3967 Remote Code Execution vulnerability in the iManager

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization...

CVE-2024-3967

The CVE-2024-3967 entry concerns OpenText iManager 3.2.6.0200, where a vulnerability in unsafe Java object deserialization can lead to Remote Code Execution. Documented impact is High/CRITICAL per CVSS, with potential for execution without user interaction over NETWORK (NVD metrics) and adjacent ...

CVE-2024-3967 Remote Code Execution vulnerability in the iManager

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization...

PT-2024-28609 · Opentext · Opentext Imanager

Name of the Vulnerable Software and Affected Versions: OpenText iManager version 3.2.6.0200 Description: A remote code execution issue has been discovered, which can trigger remote code execution using unsafe Java object deserialization. Recommendations: For OpenText iManager version 3.2.6.0200, ...

RHEL 7 : xmlrpc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xmlrpc: XML external entity vulnerability SSRF via a crafted DTD CVE-2016-5002 - xmlrpc: Deserialization ...

VulnCheck KEV: CVE-2019-17564

Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...

Remote Code Execution (RCE)

jenkins-core is vulnerable to Remote Code Execution. The vulnerability is due to unsafe deserialization of Java objects. This flaw allows attackers to execute arbitrary code via a crafted serialized Java object, which could trigger an LDAP query to a third-party server...

Insecure Deserialization

nGrinder is vulnerable to Insecure Deserialization. The vulnerability is caused due to a lack of proper input filtering during Java object deserialization within Connector.java. Specifically, unauthenticated users could submit serialized Java objects, leading to the potential execution of arbitra...