Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE AND DESCRIPTION | RISK (CVSS score) |
---|---|---|---|
2018-04-18 | CVE-2018-1000167 | Deserialization of Untrusted Data vulnerability in OISF suricata-update 1.0.0a1. OISF suricata-update version 1.0.0a1 contains an insecure deserialization vulnerability: the unsafe yaml.load function is used in config.py:136, config.py:142, sources.py:99 and sources.py:131. | 7.8 |
2018-04-13 | CVE-2018-10085 | Deserialization of Untrusted Data vulnerability in CMS Made Simple. CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. | 9.8 |
2018-04-12 | CVE-2018-9843 | Deserialization of Untrusted Data vulnerability in CyberArk Password Vault 10.0. The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header. | 9.8 |
2018-04-04 | CVE-2017-13286 | Deserialization of Untrusted Data vulnerability in Google Android 8.0/8.1. In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. | 7.8 |
2018-04-02 | CVE-2018-1295 | Deserialization of Untrusted Data vulnerability in Apache Ignite. In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when vulnerable third-party classes are present in the Ignite classpath. | 9.8 |
2018-03-29 | CVE-2015-2020 | Deserialization of Untrusted Data vulnerability in MyScript. The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | 9.8 |
2018-03-22 | CVE-2017-1677 | Deserialization of Untrusted Data vulnerability in IBM DB2. IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin, which leads to object injection and potentially arbitrary code execution depending on the classpath. | 7.8 |
2018-03-14 | CVE-2018-7529 | Deserialization of Untrusted Data vulnerability in OSIsoft PI Data Archive 3.4.430.460. A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. | 7.5 |
2018-03-13 | CVE-2018-1000074 | Deserialization of Untrusted Data vulnerability in RubyGems. RubyGems as shipped with Ruby 2.2 series 2.2.9 and earlier, Ruby 2.3 series 2.3.6 and earlier, Ruby 2.4 series 2.4.3 and earlier, Ruby 2.5 series 2.5.0 and earlier, and trunk prior to revision 62422, contains a Deserialization of Untrusted Data vulnerability in the owner command that can result in code execution. | 7.8 |
2018-03-09 | CVE-2016-9585 | Deserialization of Untrusted Data vulnerability in Red Hat JBoss Enterprise Application Platform 5.0.0. Red Hat JBoss EAP version 5 is vulnerable to deserialization of untrusted data in the JMX endpoint when it deserializes the credentials passed to it. | 5.3 |
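The entries above share one mechanism: a deserializer that resolves and invokes whatever classes or callables the input names (yaml.load in the suricata-update entry, unserialize in CMSMS, Java and .NET object streams in the others), with no allowlist of permitted classes, which is exactly the control CVE-2018-1295 says Ignite lacked. The following is an added example written for this page, not code from any vendor listed; it uses Python's standard-library pickle as a stand-in for those deserializers. The Gadget class, both payloads and the RestrictedUnpickler allowlist are constructed here for illustration only.

```python
"""Deserialization of untrusted data, shown with pickle (added example).

A serialized payload can name a callable and its arguments; an unrestricted
loader invokes it while reconstructing objects. A class allowlist is the fix.
"""
import datetime
import importlib
import io
import os
import pickle


class Gadget:
    """Hypothetical attacker-side class. Only the output of __reduce__ is
    serialized: a callable plus arguments that the *victim's* unpickler
    will invoke. The victim never needs this class to exist."""

    def __reduce__(self):
        # The callable could just as well be os.system; eval of a harmless
        # expression is used so the example stays side-effect free.
        return (eval, ("__import__('os').getpid()",))


# Constructed sample inputs: one hostile, one legitimate.
MALICIOUS_PAYLOAD = pickle.dumps(Gadget())
BENIGN_PAYLOAD = pickle.dumps(
    {"source": "emerging-threats", "updated": datetime.date(2018, 4, 18)}
)


def unsafe_load(data: bytes):
    """The vulnerable pattern: pickle.loads (or yaml.load with yaml.Loader)
    on bytes an attacker controls. Returns whatever the payload computes."""
    return pickle.loads(data)


def attacker_code_ran(data: bytes) -> bool:
    """True if deserializing `data` executed the payload's eval call."""
    return unsafe_load(data) == os.getpid()


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves global references only from an allowlist.

    find_class is consulted for every GLOBAL/STACK_GLOBAL opcode before the
    referenced object is used, so a forbidden name aborts the load before
    anything is invoked."""

    ALLOWED = {
        ("datetime", "date"),
    }

    def find_class(self, module: str, name: str):
        if (module, name) not in self.ALLOWED:
            raise pickle.UnpicklingError(
                f"refusing to resolve {module}.{name}: not on the allowlist"
            )
        return getattr(importlib.import_module(module), name)


def safe_load(data: bytes):
    """Hardened loader: only allowlisted classes may be reconstructed."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def rejected_by_allowlist(data: bytes) -> bool:
    """True if safe_load refuses the payload."""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print("unsafe_load ran attacker code:", attacker_code_ran(MALICIOUS_PAYLOAD))
    print("safe_load on benign data:", safe_load(BENIGN_PAYLOAD))
    print("safe_load rejects hostile data:", rejected_by_allowlist(MALICIOUS_PAYLOAD))
```

Running it directly shows unsafe_load returning the process ID computed by the attacker's payload, while safe_load reconstructs the benign document and refuses the hostile one at the first forbidden global. The same distinction applies to PyYAML: yaml.load with yaml.Loader or yaml.UnsafeLoader builds arbitrary Python objects from !!python/object tags, so untrusted documents belong in yaml.safe_load. The check to look for is an allowlist of concrete classes, not a denylist of known gadgets, because any class reachable on the classpath or import path is a candidate.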