Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-27 | CVE-2017-3066 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 10.0/11.0/2016 Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. | 9.8 |
| 2017-04-26 | CVE-2017-7293 | Deserialization of Untrusted Data vulnerability in Dolby Audio X2 and Dolby Audio X3 The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCOM. | 7.8 |
| 2017-04-17 | CVE-2017-5645 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | 9.8 |
| 2017-04-11 | CVE-2016-4483 | Deserialization of Untrusted Data vulnerability in multiple products The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. | 7.5 |
| 2017-04-11 | CVE-2016-0779 | Deserialization of Untrusted Data vulnerability in Apache Tomee The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object. | 9.8 |
| 2017-04-10 | CVE-2017-5983 | Deserialization of Untrusted Data vulnerability in Atlassian Jira The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. | 9.8 |
| 2017-04-10 | CVE-2016-10304 | Deserialization of Untrusted Data vulnerability in SAP Netweaver Application Server Java 7.50 The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788. | 6.5 |
| 2017-04-06 | CVE-2016-6809 | Deserialization of Untrusted Data vulnerability in Apache Nutch and Tika Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. | 9.8 |
| 2017-03-28 | CVE-2016-8749 | Deserialization of Untrusted Data vulnerability in Apache Camel Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks. | 9.8 |
| 2017-03-23 | CVE-2014-8731 | Deserialization of Untrusted Data vulnerability in PHPmemcachedadmin Project PHPmemcachedadmin 1.2.2 PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in webroot. | 9.8 |