Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2018-09-25 CVE-2018-15957 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability.
network
low complexity
adobe CWE-502
critical
 9.8
9.8
2018-09-17 CVE-2016-9045 Deserialization of Untrusted Data vulnerability in Processmaker 3.0.1.7
A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community.
network
low complexity
processmaker CWE-502
8.8
8.8
2018-09-14 CVE-2018-17057 Deserialization of Untrusted Data vulnerability in multiple products
An issue was discovered in TCPDF before 6.2.22.
network
low complexity
tecnick limesurvey CWE-502
critical
 9.8
9.8
2018-09-11 CVE-2016-0750 Deserialization of Untrusted Data vulnerability in Infinispan
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events.
network
low complexity
infinispan CWE-502
8.8
8.8
2018-09-07 CVE-2018-1567 Deserialization of Untrusted Data vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources.
network
low complexity
ibm CWE-502
critical
 9.8
9.8
2018-09-01 CVE-2018-15514 Deserialization of Untrusted Data vulnerability in Docker
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects.
network
low complexity
docker CWE-502
8.8
8.8
2018-08-30 CVE-2018-10513 Deserialization of Untrusted Data vulnerability in Trendmicro products
A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations.
local
low complexity
trendmicro CWE-502
7.8
7.8
2018-08-30 CVE-2018-15691 Deserialization of Untrusted Data vulnerability in Broadcom Release Automation 6.3/6.4/6.5
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.
network
low complexity
broadcom CWE-502
critical
 9.8
9.8
2018-08-28 CVE-2018-14572 Deserialization of Untrusted Data vulnerability in Pyconuk Conference-Scheduler-Cli
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
local
low complexity
pyconuk CWE-502
7.8
7.8
2018-08-24 CVE-2018-15576 Deserialization of Untrusted Data vulnerability in Hazzardweb Easylogin PRO
An issue was discovered in EasyLogin Pro through 1.3.0.
network
high complexity
hazzardweb CWE-502
8.1
8.1