Vulnerabilities > Deserialization of Untrusted Data

Record layout: DATE | CVE | VULNERABILITY TITLE, followed by the description, then attack vector / attack complexity / vendors / CWE, then RISK (severity label where given, CVSS score).

2018-09-14 | CVE-2018-17057 | Deserialization of Untrusted Data vulnerability in multiple products
  An issue was discovered in TCPDF before 6.2.22.
  Vector: network; complexity: low; vendors: tecnick, limesurvey; CWE-502
  Risk: critical (9.8)

2018-09-11 | CVE-2016-0750 | Deserialization of Untrusted Data vulnerability in Infinispan
  The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events.
  Vector: network; complexity: low; vendors: infinispan; CWE-502
  Risk: 8.8

2018-09-07 | CVE-2018-1567 | Deserialization of Untrusted Data vulnerability in IBM Websphere Application Server
  IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources.
  Vector: network; complexity: low; vendors: ibm; CWE-502
  Risk: critical (9.8)

2018-09-04 | CVE-2018-10911 | Deserialization of Untrusted Data vulnerability in multiple products
  A flaw was found in the dic_unserialize function of glusterfs, which does not handle negative key length values.
  Vector: network; complexity: low; vendors: gluster, redhat, debian, opensuse; CWE-502
  Risk: 7.5

2018-09-01 | CVE-2018-15514 | Deserialization of Untrusted Data vulnerability in Docker
  HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects.
  Vector: network; complexity: low; vendors: docker; CWE-502
  Risk: 8.8

2018-08-30 | CVE-2018-10513 | Deserialization of Untrusted Data vulnerability in Trendmicro products
  A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations.
  Vector: local; complexity: low; vendors: trendmicro; CWE-502
  Risk: 7.8

2018-08-30 | CVE-2018-15691 | Deserialization of Untrusted Data vulnerability in Broadcom Release Automation 6.3/6.4/6.5
  Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.
  Vector: network; complexity: low; vendors: broadcom; CWE-502
  Risk: critical (9.8)

2018-08-28 | CVE-2018-14572 | Deserialization of Untrusted Data vulnerability in Pyconuk Conference-Scheduler-Cli
  In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
  Vector: local; complexity: low; vendors: pyconuk; CWE-502
  Risk: 7.8

2018-08-24 | CVE-2018-15576 | Deserialization of Untrusted Data vulnerability in Hazzardweb Easylogin PRO
  An issue was discovered in EasyLogin Pro through 1.3.0.
  Vector: network; complexity: high; vendors: hazzardweb; CWE-502
  Risk: 8.1

2018-08-23 | CVE-2018-1999042 | Deserialization of Untrusted Data vulnerability in Jenkins
  A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.
  Vector: network; complexity: low; vendors: jenkins; CWE-502
  Risk: 5.3