Vulnerabilities > Deserialization of Untrusted Data

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | SEVERITY | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2019-10-05 | CVE-2019-17206 | Deserialization of Untrusted Data vulnerability in Redis Wrapper Project Redis Wrapper 0.2.0/0.2.1 | Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts. | network | low complexity | redis-wrapper-project | CWE-502 | critical | 9.8 |
| 2019-10-04 | CVE-2019-16891 | Deserialization of Untrusted Data vulnerability in Liferay Portal | Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload. | network | low complexity | liferay | CWE-502 | critical | 9.8 |
| 2019-10-02 | CVE-2019-12630 | Deserialization of Untrusted Data vulnerability in Cisco Security Manager | A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. | network | low complexity | cisco | CWE-502 | critical | 9.8 |
| 2019-10-02 | CVE-2019-17080 | Deserialization of Untrusted Data vulnerability in Linuxmint Mintinstall 7.9.9 | mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. | local | low complexity | linuxmint | CWE-502 | | 7.8 |
| 2019-10-01 | CVE-2019-16943 | Deserialization of Untrusted Data vulnerability in multiple products | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. | network | low complexity | fasterxml, debian, fedoraproject, redhat, oracle, netapp | CWE-502 | critical | 9.8 |
| 2019-10-01 | CVE-2019-16942 | Deserialization of Untrusted Data vulnerability in multiple products | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. | network | low complexity | fasterxml, debian, fedoraproject, redhat, netapp, oracle | CWE-502 | critical | 9.8 |
| 2019-09-27 | CVE-2019-9373 | Deserialization of Untrusted Data vulnerability in Google Android 10.0 | In JobStore, there is a mismatched serialization/deserialization for the "battery-not-low" job attribute. | local | low complexity | google | CWE-502 | | 5.5 |
| 2019-09-27 | CVE-2019-9365 | Deserialization of Untrusted Data vulnerability in Google Android 10.0 | In Bluetooth, there is a possible deserialization error due to missing string validation. | network | low complexity | google | CWE-502 | critical | 9.8 |
| 2019-09-26 | CVE-2019-16894 | Deserialization of Untrusted Data vulnerability in Inoideas Inoerp 4.15 | download.php in inoERP 4.15 allows SQL injection through insecure deserialization. | network | low complexity | inoideas | CWE-502 | critical | 9.8 |
| 2019-09-26 | CVE-2019-16755 | Deserialization of Untrusted Data vulnerability in BMC Myit Digital Workplace | BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote command execution on the operating system running the targeted application. | network | low complexity | bmc | CWE-502 | critical | 9.8 |