Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-08-30 | CVE-2018-15691 | Deserialization of Untrusted Data vulnerability in Broadcom Release Automation 6.3/6.4/6.5 | Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code. | 9.8
2018-08-28 | CVE-2018-14572 | Deserialization of Untrusted Data vulnerability in Pyconuk Conference-Scheduler-Cli | In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. | 7.8
2018-08-24 | CVE-2018-15576 | Deserialization of Untrusted Data vulnerability in Hazzardweb Easylogin PRO | An issue was discovered in EasyLogin Pro through 1.3.0. | 8.1
2018-08-23 | CVE-2018-1999042 | Deserialization of Untrusted Data vulnerability in Jenkins | A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL. | 5.3
2018-08-20 | CVE-2018-1000641 | Deserialization of Untrusted Data vulnerability in Yeswiki 201210221/201310171/201603171 | YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information. | 9.8
2018-08-18 | CVE-2018-15503 | Deserialization of Untrusted Data vulnerability in Swoole 4.0.4 | The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. | 7.5
2018-08-17 | CVE-2018-3784 | Deserialization of Untrusted Data vulnerability in Cryo Project Cryo 0.0.6 | A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization. | 9.8
2018-08-15 | CVE-2018-8349 | Deserialization of Untrusted Data vulnerability in Microsoft products | A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 8.8
2018-08-14 | CVE-2018-12539 | Deserialization of Untrusted Data vulnerability in multiple products | In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. | 7.8
2018-08-13 | CVE-2018-14878 | Deserialization of Untrusted Data vulnerability in Jetbrains Dotpeek and Resharper Ultimate | JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data. | 7.8