Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-19 | CVE-2020-24648 | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
| 2020-10-12 | CVE-2020-7811 | Deserialization of Untrusted Data vulnerability in Samsung Update Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-process communication | 7.8 |
| 2020-10-12 | CVE-2020-26867 | Deserialization of Untrusted Data vulnerability in Pcvuesolutions Pcvue 12/8.10 ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server. | 9.8 |
| 2020-10-10 | CVE-2020-26945 | Deserialization of Untrusted Data vulnerability in Mybatis MyBatis before 3.5.6 mishandles deserialization of object streams. | 8.1 |
| 2020-10-08 | CVE-2020-4280 | Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. | 8.8 |
| 2020-09-30 | CVE-2020-14030 | Deserialization of Untrusted Data vulnerability in Ozeki NG SMS Gateway An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. | 7.2 |
| 2020-09-17 | CVE-2020-24750 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. | 8.1 |
| 2020-09-16 | CVE-2020-7532 | Deserialization of Untrusted Data vulnerability in Schneider-Electric Scadapack X70 Security Administrator 1.2.0 A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator (V1.2.0 and prior) which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer. | 7.8 |
| 2020-09-15 | CVE-2020-4521 | Deserialization of Untrusted Data vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. | 8.8 |
| 2020-09-11 | CVE-2020-24164 | Deserialization of Untrusted Data vulnerability in Taoensso Nippy A deserialization flaw is present in Taoensso Nippy before 2.14.2. | 7.8 |