Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-02 | CVE-2018-19362 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. | 9.8 |
2019-01-02 | CVE-2018-19361 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. | 9.8 |
2019-01-02 | CVE-2018-19360 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. | 9.8 |
2019-01-02 | CVE-2018-14720 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. | 9.8 |
2019-01-02 | CVE-2018-14719 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. | 9.8 |
2019-01-02 | CVE-2018-14718 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. | 9.8 |
2018-12-31 | CVE-2018-6331 | Deserialization of Untrusted Data vulnerability in Facebook Buck Buck parser-cache command loads/saves state using Java serialized object. | 9.8 |
2018-12-28 | CVE-2018-1000888 | Deserialization of Untrusted Data vulnerability in multiple products PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. | 8.8 |
2018-12-20 | CVE-2018-1000833 | Deserialization of Untrusted Data vulnerability in Zoneminder ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. | 9.8 |
2018-12-20 | CVE-2018-1000832 | Deserialization of Untrusted Data vulnerability in Zoneminder ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. | 9.8 |