Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2019-01-02 CVE-2018-19362 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
9.8
2019-01-02 CVE-2018-19361 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
9.8
2019-01-02 CVE-2018-19360 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
9.8
2019-01-02 CVE-2018-14720 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
9.8
2019-01-02 CVE-2018-14719 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat netapp CWE-502
critical
9.8
2019-01-02 CVE-2018-14718 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle netapp redhat CWE-502
critical
9.8
2018-12-31 CVE-2018-6331 Deserialization of Untrusted Data vulnerability in Facebook Buck
Buck parser-cache command loads/saves state using Java serialized object.
network
low complexity
facebook CWE-502
critical
9.8
2018-12-28 CVE-2018-1000888 Deserialization of Untrusted Data vulnerability in multiple products
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class.
network
low complexity
php canonical debian CWE-502
8.8
2018-12-20 CVE-2018-1000833 Deserialization of Untrusted Data vulnerability in Zoneminder
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
network
low complexity
zoneminder CWE-502
critical
9.8
2018-12-20 CVE-2018-1000832 Deserialization of Untrusted Data vulnerability in Zoneminder
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
network
low complexity
zoneminder CWE-502
critical
9.8