Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2017-12-01 CVE-2017-11283 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability.
network
low complexity
adobe CWE-502
critical
9.8
2017-11-27 CVE-2017-1000207 Deserialization of Untrusted Data vulnerability in Swagger Swagger-Codegen and Swagger-Parser
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed.
network
low complexity
swagger CWE-502
8.8
2017-11-27 CVE-2017-8045 Deserialization of Untrusted Data vulnerability in Pivotal Software Spring Advanced Message Queuing Protocol
In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string.
network
low complexity
pivotal-software CWE-502
critical
9.8
2017-11-27 CVE-2017-4995 Deserialization of Untrusted Data vulnerability in VMWare Spring Security
An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1.
network
high complexity
vmware CWE-502
8.1
2017-11-17 CVE-2017-1000248 Deserialization of Untrusted Data vulnerability in Redis-Store
Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis
network
low complexity
redis-store CWE-502
critical
9.8
2017-11-17 CVE-2017-1000208 Deserialization of Untrusted Data vulnerability in Swagger Swagger-Codegen and Swagger-Parser
A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed.
network
low complexity
swagger CWE-502
8.8
2017-11-17 CVE-2017-1000195 Deserialization of Untrusted Data vulnerability in Octobercms October
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.
network
low complexity
octobercms CWE-502
7.5
2017-11-15 CVE-2017-12634 Deserialization of Untrusted Data vulnerability in Apache Camel
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability.
network
low complexity
apache CWE-502
critical
9.8
2017-11-15 CVE-2017-12633 Deserialization of Untrusted Data vulnerability in Apache Camel
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability.
network
low complexity
apache CWE-502
critical
9.8
2017-11-09 CVE-2015-7501 Deserialization of Untrusted Data vulnerability in Redhat products
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
network
low complexity
redhat CWE-502
critical
9.8