Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-30 | CVE-2018-16476 | Deserialization of Untrusted Data vulnerability in multiple products A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. | 7.5 |
| 2018-11-30 | CVE-2018-18987 | Deserialization of Untrusted Data vulnerability in Invt Vt-Designer 2.1.7.31 VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. | 8.8 |
| 2018-11-23 | CVE-2018-19499 | Deserialization of Untrusted Data vulnerability in Vanillaforums Vanilla Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class. | 7.2 |
| 2018-11-20 | CVE-2018-19396 | Deserialization of Untrusted Data vulnerability in PHP ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class. | 7.5 |
| 2018-11-08 | CVE-2018-15381 | Deserialization of Untrusted Data vulnerability in Cisco Unity Express A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. | 9.8 |
| 2018-11-07 | CVE-2018-8021 | Deserialization of Untrusted Data vulnerability in Apache Superset Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. | 9.8 |
| 2018-10-31 | CVE-2018-1851 | Deserialization of Untrusted Data vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. | 9.8 |
| 2018-10-26 | CVE-2018-15686 | Deserialization of Untrusted Data vulnerability in multiple products A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. | 7.8 |
| 2018-10-24 | CVE-2018-18013 | Deserialization of Untrusted Data vulnerability in Citrix Xenmobile Server * Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. | 7.8 |
| 2018-10-23 | CVE-2018-18628 | Deserialization of Untrusted Data vulnerability in Pippo 1.11.0 An issue was discovered in Pippo 1.11.0. | 9.8 |