Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-16 | CVE-2019-19826 | Deserialization of Untrusted Data vulnerability in Drupal Views Dynamic Field The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. | 9.8 |
| 2019-12-15 | CVE-2014-3699 | Deserialization of Untrusted Data vulnerability in Redhat Edeploy and Jboss Enterprise web Server eDeploy has RCE via cPickle deserialization of untrusted data | 9.8 |
| 2019-12-12 | CVE-2019-16774 | Deserialization of Untrusted Data vulnerability in PHPfastcache In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver. | 9.8 |
| 2019-12-12 | CVE-2019-18316 | Deserialization of Untrusted Data vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 9.8 |
| 2019-12-12 | CVE-2019-18283 | Deserialization of Untrusted Data vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 9.8 |
| 2019-12-12 | CVE-2019-17358 | Deserialization of Untrusted Data vulnerability in multiple products Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. | 8.1 |
| 2019-12-11 | CVE-2019-19373 | Deserialization of Untrusted Data vulnerability in Squiz Matrix An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST parameter during processing of a Remote Content page type. | 7.5 |
| 2019-12-11 | CVE-2019-18935 | Deserialization of Untrusted Data vulnerability in Telerik UI for Asp.Net Ajax Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. | 9.8 |
| 2019-12-09 | CVE-2019-19230 | Deserialization of Untrusted Data vulnerability in Broadcom Nolio 6.6 An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code. | 9.8 |
| 2019-12-04 | CVE-2019-17556 | Deserialization of Untrusted Data vulnerability in Apache Olingo Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. | 9.8 |