Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-08 | CVE-2016-3690 | Deserialization of Untrusted Data vulnerability in Redhat Jboss Enterprise Application Platform The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload. | 9.8 |
| 2017-06-08 | CVE-2017-5878 | Deserialization of Untrusted Data vulnerability in Red5 Media Server The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data. | 9.8 |
| 2017-06-07 | CVE-2017-4914 | Deserialization of Untrusted Data vulnerability in VMWare Vsphere Data Protection VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. | 9.8 |
| 2017-06-02 | CVE-2017-9363 | Deserialization of Untrusted Data vulnerability in Soffid IAM 1.7.4 Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request. | 9.8 |
| 2017-05-19 | CVE-2017-7504 | Deserialization of Untrusted Data vulnerability in Redhat Jboss Enterprise Application Platform HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data. | 9.8 |
| 2017-05-08 | CVE-2017-8829 | Deserialization of Untrusted Data vulnerability in Debian Lintian Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file. | 7.8 |
| 2017-05-07 | CVE-2017-8804 | Deserialization of Untrusted Data vulnerability in GNU Glibc 2.25 The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. | 7.5 |
| 2017-04-27 | CVE-2017-3066 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 10.0/11.0/2016 Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. | 9.8 |
| 2017-04-26 | CVE-2017-7293 | Deserialization of Untrusted Data vulnerability in Dolby Audio X2 and Dolby Audio X3 The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCOM. | 7.8 |
| 2017-04-17 | CVE-2017-5645 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | 9.8 |