Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-06 | CVE-2016-6809 | Deserialization of Untrusted Data vulnerability in Apache Nutch and Tika Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. | 9.8 |
| 2017-03-28 | CVE-2016-8749 | Deserialization of Untrusted Data vulnerability in Apache Camel Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks. | 9.8 |
| 2017-03-23 | CVE-2014-8731 | Deserialization of Untrusted Data vulnerability in PHPmemcachedadmin Project PHPmemcachedadmin 1.2.2 PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in webroot. | 9.8 |
| 2017-03-13 | CVE-2017-5929 | Deserialization of Untrusted Data vulnerability in multiple products QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. | 9.8 |
| 2017-03-07 | CVE-2017-3159 | Deserialization of Untrusted Data vulnerability in Apache Camel Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. | 9.8 |
| 2017-03-03 | CVE-2017-5830 | Deserialization of Untrusted Data vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts. | 9.8 |
| 2017-02-15 | CVE-2016-0360 | Deserialization of Untrusted Data vulnerability in IBM Websphere MQ JMS IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. | 9.8 |
| 2017-02-10 | CVE-2017-5954 | Deserialization of Untrusted Data vulnerability in Serialize-To-Js Project Serialize-To-Js 0.5.0 An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. | 9.8 |
| 2017-02-09 | CVE-2017-5941 | Deserialization of Untrusted Data vulnerability in Node-Serialize Project Node-Serialize An issue was discovered in the node-serialize package 0.0.4 for Node.js. | 9.8 |
| 2017-02-07 | CVE-2016-6199 | Deserialization of Untrusted Data vulnerability in Gradle 2.12 ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. | 9.8 |