Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-05 | CVE-2017-2295 | Deserialization of Untrusted Data vulnerability in multiple products Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. | 8.2 |
| 2017-07-04 | CVE-2017-10803 | Deserialization of Untrusted Data vulnerability in Odoo 10.0/8.0/9.0 In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used. | 6.5 |
| 2017-06-30 | CVE-2017-2292 | Deserialization of Untrusted Data vulnerability in Puppet Mcollective Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. | 9.0 |
| 2017-06-27 | CVE-2017-9830 | Deserialization of Untrusted Data vulnerability in Code42 Crashplan 5.4 Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients. | 9.8 |
| 2017-06-22 | CVE-2017-9424 | Deserialization of Untrusted Data vulnerability in Ideablade Breeze.Server.Net IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code, related to use of TypeNameHandling in JSON deserialization. | 9.8 |
| 2017-06-08 | CVE-2016-7050 | Deserialization of Untrusted Data vulnerability in Redhat products SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code. | 9.8 |
| 2017-06-08 | CVE-2016-3690 | Deserialization of Untrusted Data vulnerability in Redhat Jboss Enterprise Application Platform The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload. | 9.8 |
| 2017-06-08 | CVE-2017-5878 | Deserialization of Untrusted Data vulnerability in Red5 Media Server The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data. | 9.8 |
| 2017-06-07 | CVE-2017-4914 | Deserialization of Untrusted Data vulnerability in VMWare Vsphere Data Protection VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. | 9.8 |
| 2017-06-02 | CVE-2017-9363 | Deserialization of Untrusted Data vulnerability in Soffid IAM 1.7.4 Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request. | 9.8 |