Vulnerabilities > Deserialization of Untrusted Data

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-26	CVE-2013-7489	Deserialization of Untrusted Data vulnerability in Beakerbrowser Beaker The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution. low complexity beakerbrowser CWE-502	6.8
2020-06-22	CVE-2020-10740	Deserialization of Untrusted Data vulnerability in Redhat Wildfly A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly. network high complexity redhat CWE-502	7.5
2020-06-21	CVE-2020-14942	Deserialization of Untrusted Data vulnerability in Tendenci 12.0.10 Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py. network low complexity tendenci CWE-502 critical	9.8
2020-06-20	CVE-2020-14933	Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22 compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. network low complexity squirrelmail CWE-502	8.8
2020-06-20	CVE-2020-14932	Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22 compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. network low complexity squirrelmail CWE-502 critical	9.8
2020-06-19	CVE-2020-8165	Deserialization of Untrusted Data vulnerability in multiple products A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. network low complexity rubyonrails debian opensuse CWE-502 critical	9.8
2020-06-19	CVE-2020-8164	Deserialization of Untrusted Data vulnerability in multiple products A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters. network low complexity rubyonrails debian opensuse CWE-502	7.5
2020-06-16	CVE-2020-14195	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). network high complexity fasterxml netapp debian oracle CWE-502	8.1
2020-06-14	CVE-2020-14060	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). network high complexity fasterxml netapp oracle CWE-502	8.1
2020-06-14	CVE-2020-14062	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). network high complexity fasterxml netapp debian oracle CWE-502	8.1