Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-09 | CVE-2018-15133 | Deserialization of Untrusted Data vulnerability in Laravel In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. | 8.1 |
| 2018-08-06 | CVE-2016-4405 | Deserialization of Untrusted Data vulnerability in HP Business Service Management A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26 | 8.8 |
| 2018-08-06 | CVE-2016-4398 | Deserialization of Untrusted Data vulnerability in HP Network Node Manager I 10.00/10.01/10.10 A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization. | 8.8 |
| 2018-07-25 | CVE-2017-10934 | Deserialization of Untrusted Data vulnerability in ZTE Zxiptv-Epg Firmware All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. | 9.8 |
| 2018-07-20 | CVE-2018-8018 | Deserialization of Untrusted Data vulnerability in Apache Ignite In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. | 9.8 |
| 2018-07-13 | CVE-2016-9498 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Applications Manager 12.0/13.0 ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. | 9.8 |
| 2018-07-13 | CVE-2016-9483 | Deserialization of Untrusted Data vulnerability in Jqueryform PHP Formmail Generator The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. | 9.8 |
| 2018-06-27 | CVE-2017-18342 | Deserialization of Untrusted Data vulnerability in multiple products In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. | 9.8 |
| 2018-06-26 | CVE-2018-1000527 | Deserialization of Untrusted Data vulnerability in Froxlor Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. | 7.2 |
| 2018-06-26 | CVE-2018-1000525 | Deserialization of Untrusted Data vulnerability in Openpsa2 Openpsa openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. | 9.8 |