Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-25 | CVE-2020-15777 | Deserialization of Untrusted Data vulnerability in Gradle Maven An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. | 7.8 |
| 2020-08-25 | CVE-2020-24616 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). | 8.1 |
| 2020-08-20 | CVE-2020-10289 | Deserialization of Untrusted Data vulnerability in Openrobotics Robot Operating System Use of unsafe yaml load. | 8.8 |
| 2020-08-13 | CVE-2020-4589 | Deserialization of Untrusted Data vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. | 9.8 |
| 2020-07-31 | CVE-2020-5413 | Deserialization of Untrusted Data vulnerability in multiple products Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. | 9.8 |
| 2020-07-31 | CVE-2019-11286 | Deserialization of Untrusted Data vulnerability in VMWare Gemfire and Tanzu Gemfire for Virtual Machines VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. | 9.1 |
| 2020-07-22 | CVE-2020-9664 | Deserialization of Untrusted Data vulnerability in Magento Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. | 9.8 |
| 2020-07-20 | CVE-2020-15842 | Deserialization of Untrusted Data vulnerability in Liferay Portal Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization. | 8.1 |
| 2020-07-17 | CVE-2020-4464 | Deserialization of Untrusted Data vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. | 8.8 |
| 2020-07-17 | CVE-2020-11982 | Deserialization of Untrusted Data vulnerability in Apache Airflow An issue was found in Apache Airflow versions 1.10.10 and below. | 9.8 |