Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-09-28 | CVE-2017-10932 | Deserialization of Untrusted Data vulnerability in ZTE products | All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. | 9.8 |
2017-09-19 | CVE-2017-14141 | Deserialization of Untrusted Data vulnerability in Kaltura Server | The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. | 7.2 |
2017-09-15 | CVE-2017-9805 | Deserialization of Untrusted Data vulnerability in multiple products | The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. | 8.1 |
2017-09-13 | CVE-2017-12612 | Deserialization of Untrusted Data vulnerability in Apache Spark | In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. | 7.8 |
2017-09-13 | CVE-2016-8744 | Deserialization of Untrusted Data vulnerability in Apache Brooklyn | Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. | 8.8 |
2017-08-30 | CVE-2017-14035 | Deserialization of Untrusted Data vulnerability in Crushftp | CrushFTP 8.x before 8.2.0 has a serialization vulnerability. | 9.8 |
2017-08-08 | CVE-2017-11153 | Deserialization of Untrusted Data vulnerability in Synology Photo Station | Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload. | 9.8 |
2017-07-20 | CVE-2017-9785 | Deserialization of Untrusted Data vulnerability in Nancyfx Nancy | Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie. | 9.8 |
2017-07-17 | CVE-2017-1000053 | Deserialization of Untrusted Data vulnerability in Plug Project Plug | Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session. | 8.1 |
2017-07-17 | CVE-2017-1000034 | Deserialization of Untrusted Data vulnerability in Akka | Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a Java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem. | 8.1 |