Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2020-05-11 CVE-2020-12760 Deserialization of Untrusted Data vulnerability in Opennms Horizon and Opennms Meridian
An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7.
network
low complexity
opennms CWE-502
8.8
8.8
2020-05-08 CVE-2020-5741 Deserialization of Untrusted Data vulnerability in Plex Media Server
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.
network
low complexity
plex CWE-502
7.2
7.2
2020-05-06 CVE-2020-2189 Deserialization of Untrusted Data vulnerability in Jenkins Source Code Management Filter Jervis 0.1/0.2/0.2.1
Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
network
low complexity
jenkins CWE-502
8.8
8.8
2020-04-29 CVE-2020-12471 Deserialization of Untrusted Data vulnerability in Mono Monox 5.1.40.5152
MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler.
network
low complexity
mono CWE-502
critical
 9.8
9.8
2020-04-29 CVE-2020-12469 Deserialization of Untrusted Data vulnerability in Intelliants Subrion
admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.
network
low complexity
intelliants CWE-502
6.5
6.5
2020-04-27 CVE-2020-12133 Deserialization of Untrusted Data vulnerability in Farukawa Electric Consciousmap
The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization.
network
low complexity
farukawa CWE-502
critical
 9.8
9.8
2020-04-22 CVE-2020-10915 Deserialization of Untrusted Data vulnerability in Veeam ONE 9.5.4.4587
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587.
network
low complexity
veeam CWE-502
critical
 9.8
9.8
2020-04-22 CVE-2020-10914 Deserialization of Untrusted Data vulnerability in Veeam ONE 9.5.4.4587
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587.
network
low complexity
veeam CWE-502
critical
 9.8
9.8
2020-04-17 CVE-2020-0082 Deserialization of Untrusted Data vulnerability in Google Android 10.0
In ExternalVibration of ExternalVibration.java, there is a possible activation of an arbitrary intent due to unsafe deserialization.
local
low complexity
google CWE-502
7.8
7.8
2020-04-16 CVE-2020-2180 Deserialization of Untrusted Data vulnerability in Jenkins Amazon web Services Serverless Application Model 1.2.2
Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
network
low complexity
jenkins CWE-502
8.8
8.8