Check CVE Id
Check CWE Id
SAP Wily Introscope Enterprise OS Command Injection
Protection Licensing Toolkit ReadyAPI 3.2.5 Code Execution / Deserialization
ManageEngine Desktop Central FileStorage getChartImage Deserialization / Unauthenticated Remote Code Execution
Revive Adserver Deserialization / Open Redirect
OpenMRS Platform Insecure Object Deserialization
Revive Adserver 4.0.0 XSS / Deserialization / Session Fixation
Solarwinds Virtualization Manager 6.3.1 Java Deserialization
CVEMAP Search Results
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34467, CVE-2021-34468.
A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin does not have a suitable gadget chain to exploit this, other installed plugins could, which might lead to more severe issues such as RCE
Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 220.127.116.117 P20210507 mishandles deserialization during Microsoft .NET remoting.
There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can construct a specific request to exploit this vulnerability. Successfully exploiting this vulnerability, the attacker can execute remote malicious code injection and to control the device.
In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute
Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with multiple occurrences of the same parameter. The deserialization of untrusted data might allow an attacker to exploit the deserializer to impact code execution.
Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.
** DISPUTED ** Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an untrusted project file.
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.
Back to Top