Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-07 | CVE-2017-3159 | Deserialization of Untrusted Data vulnerability in Apache Camel Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. | 9.8 |
2017-03-03 | CVE-2017-5830 | Deserialization of Untrusted Data vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts. | 7.5 |
2017-02-15 | CVE-2016-0360 | Deserialization of Untrusted Data vulnerability in IBM Websphere MQ JMS IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. | 7.5 |
2017-02-10 | CVE-2017-5954 | Deserialization of Untrusted Data vulnerability in Serialize-To-Js Project Serialize-To-Js 0.5.0 An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. | 7.5 |
2017-02-09 | CVE-2017-5941 | Deserialization of Untrusted Data vulnerability in Node-Serialize Project Node-Serialize An issue was discovered in the node-serialize package 0.0.4 for Node.js. | 7.5 |
2017-02-07 | CVE-2016-6199 | Deserialization of Untrusted Data vulnerability in Gradle 2.12 ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. | 7.5 |
2017-01-18 | CVE-2016-3415 | Deserialization of Untrusted Data vulnerability in Synacor Zimbra Collaboration Suite Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276. | 6.4 |
2016-12-11 | CVE-2016-6620 | Deserialization of Untrusted Data vulnerability in PHPmyadmin An issue was discovered in phpMyAdmin. | 7.5 |
2016-10-13 | CVE-2016-7065 | Deserialization of Untrusted Data vulnerability in Redhat Jboss Enterprise Application Platform 4.0.0/5.0.0 The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object. | 6.5 |
2016-10-03 | CVE-2016-5019 | Deserialization of Untrusted Data vulnerability in Apache Myfaces Trinidad CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string. | 7.5 |