Vulnerabilities > Deserialization of Untrusted Data

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2018-09-01 | CVE-2018-15514 | Deserialization of Untrusted Data vulnerability in Docker | HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the `\\.\pipe\dockerBackend` named pipe without verifying the validity of the deserialized .NET objects. | network | low | docker | CWE-502 | 8.8 |
| 2018-08-30 | CVE-2018-10513 | Deserialization of Untrusted Data vulnerability in Trendmicro products | A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. | local | low | trendmicro | CWE-502 | 7.8 |
| 2018-08-30 | CVE-2018-15691 | Deserialization of Untrusted Data vulnerability in Broadcom Release Automation 6.3/6.4/6.5 | Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code. | network | low | broadcom | CWE-502 | critical 9.8 |
| 2018-08-28 | CVE-2018-14572 | Deserialization of Untrusted Data vulnerability in Pyconuk Conference-Scheduler-Cli | In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. | local | low | pyconuk | CWE-502 | 7.8 |
| 2018-08-24 | CVE-2018-15576 | Deserialization of Untrusted Data vulnerability in Hazzardweb Easylogin PRO | An issue was discovered in EasyLogin Pro through 1.3.0. | network | high | hazzardweb | CWE-502 | 8.1 |
| 2018-08-23 | CVE-2018-1999042 | Deserialization of Untrusted Data vulnerability in Jenkins | A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL. | network | low | jenkins | CWE-502 | 5.3 |
| 2018-08-20 | CVE-2018-1000641 | Deserialization of Untrusted Data vulnerability in Yeswiki 201210221/201310171/201603171 | YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in the unserializing of a user-entered parameter in i18n.inc.php that can result in execution of code and disclosure of information. | network | low | yeswiki | CWE-502 | critical 9.8 |
| 2018-08-18 | CVE-2018-15503 | Deserialization of Untrusted Data vulnerability in Swoole 4.0.4 | The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. | network | low | swoole | CWE-502 | 7.5 |
| 2018-08-17 | CVE-2018-3784 | Deserialization of Untrusted Data vulnerability in Cryo Project Cryo 0.0.6 | A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization. | network | low | cryo-project | CWE-502 | critical 9.8 |
| 2018-08-15 | CVE-2018-8349 | Deserialization of Untrusted Data vulnerability in Microsoft products | A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | network | low | microsoft | CWE-502 | 8.8 |