Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2020-05-14 CVE-2020-11973 Deserialization of Untrusted Data vulnerability in multiple products
Apache Camel Netty enables Java deserialization by default.
network
low complexity
apache oracle CWE-502
critical
9.8
2020-05-14 CVE-2020-11972 Deserialization of Untrusted Data vulnerability in multiple products
Apache Camel RabbitMQ enables Java deserialization by default.
network
low complexity
apache oracle CWE-502
critical
9.8
2020-05-14 CVE-2020-11067 Deserialization of Untrusted Data vulnerability in Typo3
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization.
network
low complexity
typo3 CWE-502
8.8
2020-05-13 CVE-2019-16112 Deserialization of Untrusted Data vulnerability in Tylertech Eagle 2018.3.11
TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI.
network
low complexity
tylertech CWE-502
8.8
2020-05-11 CVE-2020-12760 Deserialization of Untrusted Data vulnerability in Opennms Horizon and Opennms Meridian
An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7.
network
low complexity
opennms CWE-502
8.8
2020-05-08 CVE-2020-5741 Deserialization of Untrusted Data vulnerability in Plex Media Server
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.
network
low complexity
plex CWE-502
7.2
2020-05-06 CVE-2020-2189 Deserialization of Untrusted Data vulnerability in Jenkins Source Code Management Filter Jervis 0.1/0.2/0.2.1
Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
network
low complexity
jenkins CWE-502
8.8
2020-04-29 CVE-2020-12471 Deserialization of Untrusted Data vulnerability in Mono Monox 5.1.40.5152
MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler.
network
low complexity
mono CWE-502
critical
9.8
2020-04-29 CVE-2020-12469 Deserialization of Untrusted Data vulnerability in Intelliants Subrion
admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.
network
low complexity
intelliants CWE-502
6.5
2020-04-27 CVE-2020-12133 Deserialization of Untrusted Data vulnerability in Farukawa Electric Consciousmap
The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization.
network
low complexity
farukawa CWE-502
critical
9.8