Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2020-05-06 CVE-2020-2189 Deserialization of Untrusted Data vulnerability in Jenkins Source Code Management Filter Jervis 0.1/0.2/0.2.1
Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
network
low complexity
jenkins CWE-502
8.8
2020-04-29 CVE-2020-12471 Deserialization of Untrusted Data vulnerability in Mono Monox 5.1.40.5152
MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler.
network
low complexity
mono CWE-502
critical
9.8
2020-04-29 CVE-2020-12469 Deserialization of Untrusted Data vulnerability in Intelliants Subrion
admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.
network
low complexity
intelliants CWE-502
6.5
2020-04-27 CVE-2020-12133 Deserialization of Untrusted Data vulnerability in Farukawa Electric Consciousmap
The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization.
network
low complexity
farukawa CWE-502
critical
9.8
2020-04-22 CVE-2020-10915 Deserialization of Untrusted Data vulnerability in Veeam ONE 9.5.4.4587
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587.
network
low complexity
veeam CWE-502
critical
9.8
2020-04-22 CVE-2020-10914 Deserialization of Untrusted Data vulnerability in Veeam ONE 9.5.4.4587
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587.
network
low complexity
veeam CWE-502
critical
9.8
2020-04-17 CVE-2020-0082 Deserialization of Untrusted Data vulnerability in Google Android 10.0
In ExternalVibration of ExternalVibration.java, there is a possible activation of an arbitrary intent due to unsafe deserialization.
local
low complexity
google CWE-502
7.8
2020-04-16 CVE-2020-2180 Deserialization of Untrusted Data vulnerability in Jenkins Amazon web Services Serverless Application Model 1.2.2
Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
network
low complexity
jenkins CWE-502
8.8
2020-04-16 CVE-2020-2179 Deserialization of Untrusted Data vulnerability in Jenkins Yaml Axis
Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
network
low complexity
jenkins CWE-502
8.8
2020-04-16 CVE-2020-1964 Deserialization of Untrusted Data vulnerability in Apache Heron 0.20.0Incubating/0.20.1Incubating/0.20.2Incubating
It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities (CWE-502: Deserialization of Untrusted Data).
network
low complexity
apache CWE-502
critical
9.8