Vulnerabilities > Deserialization of Untrusted Data

| Date | CVE | Vulnerability title | Description | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|
| 2020-02-07 | CVE-2020-6770 | Deserialization of Untrusted Data vulnerability in Bosch products | Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. | bosch | CWE-502 | critical 9.8 (network, low complexity) |
| 2020-02-06 | CVE-2013-4521 | Deserialization of Untrusted Data vulnerability in Nuxeo 5.6.0/5.8.0 | RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. | nuxeo | CWE-502 | critical 9.8 (network, low complexity) |
| 2020-01-29 | CVE-2020-3716 | Deserialization of Untrusted Data vulnerability in Magento | Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. | magento | CWE-502 | critical 9.8 (network, low complexity) |
| 2020-01-23 | CVE-2019-17570 | Deserialization of Untrusted Data vulnerability in multiple products | An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. | apache, debian, canonical, fedoraproject, redhat | CWE-502 | critical 9.8 (network, low complexity) |
| 2020-01-22 | CVE-2020-6959 | Deserialization of Untrusted Data vulnerability in Honeywell products | The following versions of MAXPRO VMS and NVR, MAXPRO VMS: HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. | honeywell | CWE-502 | critical 9.8 (network, low complexity) |
| 2020-01-17 | CVE-2019-17635 | Deserialization of Untrusted Data vulnerability in Eclipse Memory Analyzer | Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. | eclipse | CWE-502 | 7.8 (local, low complexity) |
| 2020-01-15 | CVE-2020-2604 | Deserialization of Untrusted Data vulnerability in multiple products | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). | | | 8.1 |
| 2020-01-15 | CVE-2020-2555 | Deserialization of Untrusted Data vulnerability in Oracle products | Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). | oracle | CWE-502 | critical 9.8 (network, low complexity) |
| 2020-01-08 | CVE-2019-17076 | Deserialization of Untrusted Data vulnerability in Jamf | An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. | jamf | CWE-502 | critical 9.8 (network, low complexity) |
| 2020-01-08 | CVE-2014-1860 | Deserialization of Untrusted Data vulnerability in Contao CMS | Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities. | contao | CWE-502 | critical 9.8 (network, low complexity) |