Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-15 | CVE-2016-0360 | Deserialization of Untrusted Data vulnerability in IBM Websphere MQ JMS IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. | 9.8 |
| 2017-02-10 | CVE-2017-5954 | Deserialization of Untrusted Data vulnerability in Serialize-To-Js Project Serialize-To-Js 0.5.0 An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. | 9.8 |
| 2017-02-09 | CVE-2017-5941 | Deserialization of Untrusted Data vulnerability in Node-Serialize Project Node-Serialize An issue was discovered in the node-serialize package 0.0.4 for Node.js. | 9.8 |
| 2017-02-07 | CVE-2016-6199 | Deserialization of Untrusted Data vulnerability in Gradle 2.12 ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. | 9.8 |
| 2017-01-18 | CVE-2016-3415 | Deserialization of Untrusted Data vulnerability in Synacor Zimbra Collaboration Suite Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276. | 9.1 |
| 2016-12-11 | CVE-2016-9865 | Deserialization of Untrusted Data vulnerability in PHPmyadmin An issue was discovered in phpMyAdmin. | 9.8 |
| 2016-12-11 | CVE-2016-6620 | Deserialization of Untrusted Data vulnerability in PHPmyadmin An issue was discovered in phpMyAdmin. | 9.8 |
| 2016-10-13 | CVE-2016-7065 | Deserialization of Untrusted Data vulnerability in Redhat Jboss Enterprise Application Platform 4.0.0/5.0.0 The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object. | 8.8 |
| 2016-10-03 | CVE-2016-5019 | Deserialization of Untrusted Data vulnerability in Apache Myfaces Trinidad CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string. | 9.8 |
| 2016-09-29 | CVE-2016-4385 | Deserialization of Untrusted Data vulnerability in HP Network Automation The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries. | 7.3 |