Vulnerabilities > Deserialization of Untrusted Data

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2018-03-08 | CVE-2018-7889 | Deserialization of Untrusted Data vulnerability in Calibre-Ebook Calibre 3.18.0 | gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. | local | low | calibre-ebook | CWE-502 | 7.8 |
| 2018-03-08 | CVE-2018-0147 | Deserialization of Untrusted Data vulnerability in Cisco Secure Access Control System 5.2(0.3) | A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. | network | low | cisco | CWE-502 | critical 9.8 |
| 2018-02-27 | CVE-2017-15693 | Deserialization of Untrusted Data vulnerability in Apache Geode | In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. | network | high | apache | CWE-502 | 7.5 |
| 2018-02-27 | CVE-2017-15692 | Deserialization of Untrusted Data vulnerability in Apache Geode | In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. | network | low | apache | CWE-502 | critical 9.8 |
| 2018-02-26 | CVE-2018-7489 | Deserialization of Untrusted Data vulnerability in multiple products | FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. | network | low | fasterxml, debian, oracle, redhat | CWE-502 | critical 9.8 |
| 2018-02-15 | CVE-2017-8967 | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.3 | A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | network | low | hp | CWE-502 | 8.8 |
| 2018-02-15 | CVE-2017-8966 | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.3 | A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | network | low | hp | CWE-502 | 8.8 |
| 2018-02-15 | CVE-2017-8965 | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.3 | A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | network | low | hp | CWE-502 | 8.8 |
| 2018-02-15 | CVE-2017-8964 | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.3 | A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | network | low | hp | CWE-502 | 8.8 |
| 2018-02-15 | CVE-2017-8963 | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center 7.3 | A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | network | low | hp | CWE-502 | 8.8 |