Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-05-17 | CVE-2019-4279 | Deserialization of Untrusted Data vulnerability in IBM Websphere Application Server. IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. | 9.8 |
2019-05-16 | CVE-2019-10912 | Deserialization of Untrusted Data vulnerability in Sensiolabs Symfony. In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. | 7.1 |
2019-05-14 | CVE-2019-10924 | Deserialization of Untrusted Data vulnerability in Siemens Logo! Soft Comfort. A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.3). | 7.8 |
2019-05-09 | CVE-2019-11831 | Deserialization of Untrusted Data vulnerability in multiple products. The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. | 9.8 |
2019-05-09 | CVE-2019-11830 | Deserialization of Untrusted Data vulnerability in Typo3 Pharstreamwrapper. PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism. | 9.8 |
2019-05-08 | CVE-2019-11458 | Deserialization of Untrusted Data vulnerability in Cakefoundation Cakephp 3.7.6. An issue was discovered in SmtpTransport in CakePHP 3.7.6. | 7.5 |
2019-05-06 | CVE-2019-5434 | Deserialization of Untrusted Data vulnerability in Revive-Sas Revive Adserver. An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. | 9.8 |
2019-04-24 | CVE-2019-7214 | Deserialization of Untrusted Data vulnerability in Smartertools Smartermail. SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. | 9.8 |
2019-04-11 | CVE-2019-9056 | Deserialization of Untrusted Data vulnerability in Cmsmadesimple CMS Made Simple 2.2.8. An issue was discovered in CMS Made Simple 2.2.8. | 8.8 |
2019-04-09 | CVE-2019-7361 | Deserialization of Untrusted Data vulnerability in Autodesk products. An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. | 7.8 |