Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2017-03-13 CVE-2017-5929 Deserialization of Untrusted Data vulnerability in multiple products
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
network
low complexity
qos redhat CWE-502
critical
 9.8
9.8
2017-03-07 CVE-2017-3159 Deserialization of Untrusted Data vulnerability in Apache Camel
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability.
network
low complexity
apache CWE-502
critical
 9.8
9.8
2017-03-03 CVE-2017-5830 Deserialization of Untrusted Data vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts.
network
low complexity
revive-adserver CWE-502
critical
 9.8
9.8
2017-02-15 CVE-2016-0360 Deserialization of Untrusted Data vulnerability in IBM Websphere MQ JMS
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath.
network
low complexity
ibm CWE-502
critical
 9.8
9.8
2017-02-10 CVE-2017-5954 Deserialization of Untrusted Data vulnerability in Serialize-To-Js Project Serialize-To-Js 0.5.0
An issue was discovered in the serialize-to-js package 0.5.0 for Node.js.
network
low complexity
serialize-to-js-project CWE-502
critical
 9.8
9.8
2017-02-09 CVE-2017-5941 Deserialization of Untrusted Data vulnerability in Node-Serialize Project Node-Serialize
An issue was discovered in the node-serialize package 0.0.4 for Node.js.
network
low complexity
node-serialize-project CWE-502
critical
 9.8
9.8
2017-02-07 CVE-2016-6199 Deserialization of Untrusted Data vulnerability in Gradle 2.12
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.
network
low complexity
gradle CWE-502
critical
 9.8
9.8
2017-01-18 CVE-2016-3415 Deserialization of Untrusted Data vulnerability in Synacor Zimbra Collaboration Suite
Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276.
network
low complexity
synacor CWE-502
critical
 9.1
9.1
2016-12-11 CVE-2016-9865 Deserialization of Untrusted Data vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
low complexity
phpmyadmin CWE-502
critical
 9.8
9.8
2016-12-11 CVE-2016-6620 Deserialization of Untrusted Data vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
low complexity
phpmyadmin CWE-502
critical
 9.8
9.8