Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-06 | CVE-2020-10658 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server: The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. | 9.8 |
2021-01-06 | CVE-2020-10657 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server: The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. | 7.2 |
2021-01-06 | CVE-2020-10656 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server: The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouseWithChunksV2 API. | 9.8 |
2021-01-06 | CVE-2020-10655 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server: The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. | 9.8 |
2021-01-05 | CVE-2020-35488 | Deserialization of Untrusted Data vulnerability in Nxlog 2.10.2150: The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. | 7.5 |
2021-01-05 | CVE-2019-4728 | Deserialization of Untrusted Data vulnerability in IBM Sterling B2B Integrator: IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. | 8.8 |
2021-01-04 | CVE-2021-3007 | Deserialization of Untrusted Data vulnerability in multiple products: Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. | 9.8 |
2021-01-01 | CVE-2020-35939 | Deserialization of Untrusted Data vulnerability in Pickplugins Post Grid and Team Showcase: PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. | 8.8 |
2021-01-01 | CVE-2020-35938 | Deserialization of Untrusted Data vulnerability in Pickplugins Post Grid and Team Showcase: PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. | 8.8 |
2021-01-01 | CVE-2020-35932 | Deserialization of Untrusted Data vulnerability in Tribulant Newsletter: Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. | 8.8 |