Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-01 | CVE-2016-8648 | Deserialization of Untrusted Data vulnerability in Redhat Jboss A-Mq and Jboss Fuse It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. | 7.2 |
| 2018-07-25 | CVE-2017-10934 | Deserialization of Untrusted Data vulnerability in ZTE Zxiptv-Epg Firmware All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. | 9.8 |
| 2018-07-20 | CVE-2018-8018 | Deserialization of Untrusted Data vulnerability in Apache Ignite In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. | 9.8 |
| 2018-07-13 | CVE-2016-9498 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Applications Manager 12.0/13.0 ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. | 9.8 |
| 2018-07-13 | CVE-2016-9483 | Deserialization of Untrusted Data vulnerability in Jqueryform PHP Formmail Generator The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. | 9.8 |
| 2018-06-27 | CVE-2017-18342 | Deserialization of Untrusted Data vulnerability in multiple products In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. | 9.8 |
| 2018-06-26 | CVE-2018-1000527 | Deserialization of Untrusted Data vulnerability in Froxlor Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. | 7.2 |
| 2018-06-26 | CVE-2018-1000525 | Deserialization of Untrusted Data vulnerability in Openpsa2 Openpsa openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. | 9.8 |
| 2018-06-26 | CVE-2018-1000509 | Deserialization of Untrusted Data vulnerability in Redirection 2.7.1 Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circumstances. | 7.2 |
| 2018-06-16 | CVE-2018-6497 | Deserialization of Untrusted Data vulnerability in Microfocus CMS Server and Universal Cmbd Server Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | 8.8 |