Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-502
Total 934 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1000034 1 Akka 1 Akka 2017-08-04 9.3 HIGH 8.1 HIGH
Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem.
CVE-2016-0360 1 Ibm 1 Websphere Mq Jms 2017-07-26 7.5 HIGH 9.8 CRITICAL
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457.
CVE-2017-9785 1 Nancyfx 1 Nancy 2017-07-25 7.5 HIGH 9.8 CRITICAL
Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie.
CVE-2017-9830 1 Code42 1 Crashplan 2017-07-05 7.5 HIGH 9.8 CRITICAL
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients.
CVE-2017-9424 1 Ideablade 1 Breeze.server.net 2017-06-30 7.5 HIGH 9.8 CRITICAL
IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code, related to use of TypeNameHandling in JSON deserialization.
CVE-2016-3690 1 Redhat 1 Jboss Enterprise Application Platform 2017-06-21 7.5 HIGH 9.8 CRITICAL
The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload.
CVE-2016-7050 1 Redhat 4 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 1 more 2017-06-16 7.5 HIGH 9.8 CRITICAL
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.
CVE-2017-9363 1 Soffid 1 Iam 2017-06-09 7.5 HIGH 9.8 CRITICAL
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request.
CVE-2017-8829 1 Debian 1 Lintian 2017-05-16 6.8 MEDIUM 7.8 HIGH
Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file.
CVE-2017-5983 1 Atlassian 1 Jira 2017-04-14 7.5 HIGH 9.8 CRITICAL
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
CVE-2017-5954 1 Serialize-to-js Project 1 Serialize-to-js 2017-03-13 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
CVE-2016-6199 1 Gradle 1 Gradle 2017-02-13 7.5 HIGH 9.8 CRITICAL
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.
CVE-2016-7065 1 Redhat 1 Jboss Enterprise Application Platform 2016-12-22 6.5 MEDIUM 8.8 HIGH
The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.
CVE-2013-4271 1 Restlet 1 Restlet 2016-12-06 7.5 HIGH N/A
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.