Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-14 | CVE-2020-14061 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). | 8.1 |
| 2020-06-11 | CVE-2020-5411 | Deserialization of Untrusted Data vulnerability in Pivotal Software Spring Batch When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. | 6.8 |
| 2020-06-11 | CVE-2020-0132 | Deserialization of Untrusted Data vulnerability in Google Android 10.0 In BnAAudioService::onTransact of IAAudioService.cpp, there is a possible out of bounds read due to unsafe deserialization. | 2.1 |
| 2020-06-10 | CVE-2020-4043 | Deserialization of Untrusted Data vulnerability in PHPmussel Project PHPmussel phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. | 7.5 |
| 2020-06-09 | CVE-2020-12000 | Deserialization of Untrusted Data vulnerability in Inductiveautomation Ignition Gateway The affected product is vulnerable to the handling of serialized data. | 7.5 |
| 2020-06-09 | CVE-2020-10644 | Deserialization of Untrusted Data vulnerability in Inductiveautomation Ignition Gateway The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. | 5.0 |
| 2020-06-05 | CVE-2020-4450 | Deserialization of Untrusted Data vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. | 10.0 |
| 2020-06-05 | CVE-2020-4448 | Deserialization of Untrusted Data vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. | 10.0 |
| 2020-06-01 | CVE-2020-7660 | Deserialization of Untrusted Data vulnerability in Verizon Serialize-Javascript serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". | 6.8 |
| 2020-05-26 | CVE-2020-12390 | Deserialization of Untrusted Data vulnerability in Mozilla Firefox Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. | 7.5 |