Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-20 | CVE-2018-1000641 | Deserialization of Untrusted Data vulnerability in Yeswiki 201210221/201310171/201603171 YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information. | 9.8 |
| 2018-08-18 | CVE-2018-15503 | Deserialization of Untrusted Data vulnerability in Swoole 4.0.4 The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. | 7.5 |
| 2018-08-17 | CVE-2018-3784 | Deserialization of Untrusted Data vulnerability in Cryo Project Cryo 0.0.6 A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization. | 9.8 |
| 2018-08-15 | CVE-2018-8349 | Deserialization of Untrusted Data vulnerability in Microsoft products A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 8.8 |
| 2018-08-14 | CVE-2018-12539 | Deserialization of Untrusted Data vulnerability in multiple products In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. | 7.8 |
| 2018-08-13 | CVE-2018-14878 | Deserialization of Untrusted Data vulnerability in Jetbrains Dotpeek and Resharper Ultimate JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data. | 7.8 |
| 2018-08-09 | CVE-2018-15133 | Deserialization of Untrusted Data vulnerability in Laravel In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. | 8.1 |
| 2018-08-06 | CVE-2016-4405 | Deserialization of Untrusted Data vulnerability in HP Business Service Management A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26 | 8.8 |
| 2018-08-06 | CVE-2016-4398 | Deserialization of Untrusted Data vulnerability in HP Network Node Manager I 10.00/10.01/10.10 A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization. | 8.8 |
| 2018-08-01 | CVE-2016-8653 | Deserialization of Untrusted Data vulnerability in Redhat Jboss A-Mq and Jboss Fuse It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. | 5.3 |