Total
1532 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6330 | 1 Redhat | 1 Jboss Operations Network | 2024-08-06 | N/A |
| The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737. | ||||
| CVE-2016-6199 | 1 Gradle | 1 Gradle | 2024-08-06 | N/A |
| ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. | ||||
| CVE-2016-5019 | 1 Apache | 1 Myfaces Trinidad | 2024-08-06 | N/A |
| CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string. | ||||
| CVE-2016-5003 | 2 Apache, Redhat | 4 Ws-xmlrpc, Enterprise Linux, Jboss Fuse and 1 more | 2024-08-06 | N/A |
| The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element. | ||||
| CVE-2016-4978 | 2 Apache, Redhat | 3 Activemq Artemis, Enterprise Linux Server, Jboss Enterprise Application Platform | 2024-08-06 | 7.2 High |
| The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath. | ||||
| CVE-2016-4974 | 1 Apache | 2 Amqp 0-x Jms Client, Jms Client Amqp | 2024-08-06 | N/A |
| Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function. | ||||
| CVE-2016-4483 | 4 Debian, Oracle, Redhat and 1 more | 4 Debian Linux, Solaris, Jboss Core Services and 1 more | 2024-08-06 | 7.5 High |
| The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627. | ||||
| CVE-2016-4398 | 1 Hp | 1 Network Node Manager I | 2024-08-06 | N/A |
| A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization. | ||||
| CVE-2016-4405 | 1 Hp | 1 Business Service Management | 2024-08-06 | N/A |
| A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26 | ||||
| CVE-2016-4385 | 1 Hp | 1 Network Automation | 2024-08-06 | N/A |
| The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries. | ||||
| CVE-2016-4000 | 2 Debian, Jython Project | 2 Debian Linux, Jython | 2024-08-06 | N/A |
| Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object. | ||||
| CVE-2016-3957 | 1 Web2py | 1 Web2py | 2024-08-06 | N/A |
| The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key. | ||||
| CVE-2016-3690 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-08-06 | N/A |
| The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload. | ||||
| CVE-2016-3415 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-08-05 | N/A |
| Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276. | ||||
| CVE-2016-2510 | 4 Beanshell, Canonical, Debian and 1 more | 8 Beanshell, Ubuntu Linux, Debian Linux and 5 more | 2024-08-05 | 8.1 High |
| BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler. | ||||
| CVE-2016-1487 | 1 Lexmark | 1 Markvision Enterprise | 2024-08-05 | 8.8 High |
| Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization. | ||||
| CVE-2016-1114 | 1 Adobe | 1 Coldfusion | 2024-08-05 | 9.8 Critical |
| Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | ||||
| CVE-2016-0779 | 1 Apache | 1 Tomee | 2024-08-05 | N/A |
| The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object. | ||||
| CVE-2016-0750 | 2 Infinispan, Redhat | 3 Infinispan, Jboss Data Grid, Jboss Single Sign On | 2024-08-05 | N/A |
| The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks. | ||||
| CVE-2016-0360 | 1 Ibm | 1 Websphere Mq Jms | 2024-08-05 | N/A |
| IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457. | ||||