Vulnerabilities > Deserialization of Untrusted Data

DATE | CVE | VULNERABILITY TITLE | RISK

2018-01-10 | CVE-2017-17485 | Deserialization of Untrusted Data vulnerability in multiple products | critical 9.8
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw.
network, low complexity | fasterxml, debian, redhat, netapp | CWE-502

2017-12-29 | CVE-2014-9515 | Deserialization of Untrusted Data vulnerability in Dozer Project Dozer | critical 9.8
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.
network, low complexity | dozer-project | CWE-502

2017-12-28 | CVE-2017-5641 | Deserialization of Untrusted Data vulnerability in multiple products | critical 9.8
Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default.
network, low complexity | apache, hp | CWE-502

2017-12-14 | CVE-2017-17672 | Deserialization of Untrusted Data vulnerability in vBulletin | critical 9.8
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API.
network, low complexity | vbulletin | CWE-502

2017-12-01 | CVE-2017-11284 | Deserialization of Untrusted Data vulnerability in Adobe ColdFusion 11.0/2016 | critical 9.8
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability.
network, low complexity | adobe | CWE-502

2017-12-01 | CVE-2017-11283 | Deserialization of Untrusted Data vulnerability in Adobe ColdFusion 11.0/2016 | critical 9.8
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability.
network, low complexity | adobe | CWE-502

2017-11-27 | CVE-2017-1000207 | Deserialization of Untrusted Data vulnerability in Swagger Swagger-Codegen and Swagger-Parser | 8.8
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 YAML parsing functionality results in arbitrary code being executed when a maliciously crafted YAML Open-API specification is parsed.
network, low complexity | swagger | CWE-502

2017-11-27 | CVE-2017-8045 | Deserialization of Untrusted Data vulnerability in Pivotal Software Spring Advanced Message Queuing Protocol | critical 9.8
In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string.
network, low complexity | pivotal-software | CWE-502

2017-11-27 | CVE-2017-4995 | Deserialization of Untrusted Data vulnerability in VMware Spring Security | 8.1
An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1.
network, high complexity | vmware | CWE-502

2017-11-17 | CVE-2017-1000248 | Deserialization of Untrusted Data vulnerability in Redis-Store | critical 9.8
Redis-store <=v1.3.0 allows unsafe objects to be loaded from Redis.
network, low complexity | redis-store | CWE-502