Vulnerabilities > Deserialization of Untrusted Data

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2018-10-23 | CVE-2018-18589 | Deserialization of Untrusted Data vulnerability in Microfocus Real User Monitoring | A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. | network | low complexity | microfocus | CWE-502 | 8.8 |
| 2018-10-17 | CVE-2018-15616 | Deserialization of Untrusted Data vulnerability in Avaya Aura System Platform | A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. | network | low complexity | avaya | CWE-502 | 9.8 (critical) |
| 2018-10-17 | CVE-2018-3245 | Deserialization of Untrusted Data vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). | network | low complexity | oracle | CWE-502 | 9.8 (critical) |
| 2018-10-11 | CVE-2018-18240 | Deserialization of Untrusted Data vulnerability in Pippo | Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling. | network | low complexity | pippo | CWE-502 | 9.8 (critical) |
| 2018-10-05 | CVE-2018-15425 | Deserialization of Untrusted Data vulnerability in Cisco Identity Services Engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server. | network | low complexity | cisco | CWE-502 | 4.7 |
| 2018-09-26 | CVE-2018-16364 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Applications Manager 13.7 | A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share. | network | high complexity | zohocorp | CWE-502 | 8.1 |
| 2018-09-26 | CVE-2018-3972 | Deserialization of Untrusted Data vulnerability in Getmonero Monero 0.12.2.0 | An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrencies. | network | low complexity | getmonero | CWE-502 | 9.8 (critical) |
| 2018-09-25 | CVE-2018-15965 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018 | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. | network | low complexity | adobe | CWE-502 | 9.8 (critical) |
| 2018-09-25 | CVE-2018-15959 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018 | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. | network | low complexity | adobe | CWE-502 | 9.8 (critical) |
| 2018-09-25 | CVE-2018-15958 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018 | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. | network | low complexity | adobe | CWE-502 | 9.8 (critical) |