Total
1768 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12558 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | |||||
| CVE-2017-12557 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | |||||
| CVE-2017-12556 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | |||||
| CVE-2017-10992 | 1 Hp | 1 Storage Essentials | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461. | |||||
| CVE-2017-10934 | 1 Zte | 2 Zxiptv-epg, Zxiptv-epg Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host. | |||||
| CVE-2017-1000355 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void. | |||||
| CVE-2017-1000353 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default. | |||||
| CVE-2016-9585 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
| Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack. | |||||
| CVE-2016-9498 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager's RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system. | |||||
| CVE-2016-9483 | 1 Jqueryform | 1 Php Formmail Generator | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obtain files from the server. | |||||
| CVE-2016-9045 | 1 Processmaker | 1 Processmaker | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. | |||||
| CVE-2016-8653 | 1 Redhat | 2 Jboss A-mq, Jboss Fuse | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack. | |||||
| CVE-2016-8648 | 1 Redhat | 2 Jboss A-mq, Jboss Fuse | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contain deserialization gadgets in its classpath. | |||||
| CVE-2016-8519 | 1 Hp | 1 Operations Orchestration | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found. | |||||
| CVE-2016-8511 | 1 Hp | 1 Network Automation | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found. | |||||
| CVE-2016-6814 | 2 Apache, Redhat | 2 Groovy, Enterprise Linux Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability. | |||||
| CVE-2016-4405 | 1 Hp | 1 Business Service Management | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26 | |||||
| CVE-2016-4398 | 1 Hp | 1 Network Node Manager I | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization. | |||||
| CVE-2016-3957 | 1 Web2py | 1 Web2py | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key. | |||||
| CVE-2016-1487 | 1 Lexmark | 1 Markvision Enterprise | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization. | |||||