Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-14 | CVE-2020-11973 | Deserialization of Untrusted Data vulnerability in multiple products Apache Camel Netty enables Java deserialization by default. | 9.8 |
| 2020-05-14 | CVE-2020-11972 | Deserialization of Untrusted Data vulnerability in multiple products Apache Camel RabbitMQ enables Java deserialization by default. | 9.8 |
| 2020-05-14 | CVE-2020-11067 | Deserialization of Untrusted Data vulnerability in Typo3 In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. | 8.8 |
| 2020-05-13 | CVE-2019-16112 | Deserialization of Untrusted Data vulnerability in Tylertech Eagle 2018.3.11 TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI. | 8.8 |
| 2020-05-11 | CVE-2020-12760 | Deserialization of Untrusted Data vulnerability in Opennms Horizon and Opennms Meridian An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. | 8.8 |
| 2020-05-08 | CVE-2020-5741 | Deserialization of Untrusted Data vulnerability in Plex Media Server Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. | 7.2 |
| 2020-05-06 | CVE-2020-2189 | Deserialization of Untrusted Data vulnerability in Jenkins Source Code Management Filter Jervis 0.1/0.2/0.2.1 Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |
| 2020-04-29 | CVE-2020-12471 | Deserialization of Untrusted Data vulnerability in Mono Monox 5.1.40.5152 MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler. | 9.8 |
| 2020-04-29 | CVE-2020-12469 | Deserialization of Untrusted Data vulnerability in Intelliants Subrion admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit. | 6.5 |
| 2020-04-27 | CVE-2020-12133 | Deserialization of Untrusted Data vulnerability in Farukawa Electric Consciousmap The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization. | 9.8 |