Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2018-02-15 CVE-2017-12557 Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.2/7.3
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
Attack vector: network | Complexity: low | Vendor: hp | CWE-502 | Risk: critical 9.8

2018-02-15 CVE-2017-12556 Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.2/7.3
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
Attack vector: network | Complexity: low | Vendor: hp | CWE-502 | Risk: critical 9.8

2018-02-15 CVE-2016-8519 Deserialization of Untrusted Data vulnerability in HP Operations Orchestration
A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found.
Attack vector: network | Complexity: low | Vendor: hp | CWE-502 | Risk: critical 9.8

2018-02-15 CVE-2016-8511 Deserialization of Untrusted Data vulnerability in HP Network Automation
A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization was found in versions v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20.
Attack vector: network | Complexity: low | Vendor: hp | CWE-502 | Risk: critical 9.8

2018-02-15 CVE-2017-15089 Deserialization of Untrusted Data vulnerability in Infinispan
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache.
Attack vector: network | Complexity: low | Vendor: infinispan | CWE-502 | Risk: 8.8

2018-02-09 CVE-2018-1000059 Deserialization of Untrusted Data vulnerability in Validformbuilder Validform Builder 4.5.4
ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in the Valid Form unserialize method that can make it possible to execute unauthorised system commands remotely and disclose file contents in the file system.
Attack vector: network | Complexity: low | Vendor: validformbuilder | CWE-502 | Risk: critical 9.8

2018-02-09 CVE-2018-1000058 Deserialization of Untrusted Data vulnerability in Jenkins Pipeline Supporting Apis 2.15/2.16/2.17
Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution vulnerability due to incomplete sandbox protection: methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code.
Attack vector: network | Complexity: low | Vendor: jenkins | CWE-502 | Risk: 8.8

2018-02-09 CVE-2018-1000048 Deserialization of Untrusted Data vulnerability in Nasa Rtretrievalframework 1.0
NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution.
Attack vector: network | Complexity: low | Vendor: nasa | CWE-502 | Risk: 8.8

2018-02-09 CVE-2018-1000047 Deserialization of Untrusted Data vulnerability in Nasa Kodiak 1.0
NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution.
Attack vector: network | Complexity: low | Vendor: nasa | CWE-502 | Risk: 8.8

2018-02-09 CVE-2018-1000046 Deserialization of Untrusted Data vulnerability in Nasa Pyblock 1.0/1.3
NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution.
Attack vector: local | Complexity: low | Vendor: nasa | CWE-502 | Risk: 7.8