Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-09-26 | CVE-2019-16755 | Deserialization of Untrusted Data vulnerability in BMC Myit Digital Workplace | BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote commands execution on the Operating System running the targeted application. | 9.8 |
2019-09-17 | CVE-2019-11666 | Deserialization of Untrusted Data vulnerability in Microfocus Service Manager | Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. | 8.8 |
2019-09-16 | CVE-2019-0195 | Deserialization of Untrusted Data vulnerability in Apache Tapestry 5.4.0 | Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. | 9.8 |
2019-09-15 | CVE-2019-16335 | Deserialization of Untrusted Data vulnerability in multiple products | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. | 9.8 |
2019-09-15 | CVE-2019-14540 | Deserialization of Untrusted Data vulnerability in multiple products | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. | 9.8 |
2019-09-14 | CVE-2019-16317 | Deserialization of Untrusted Data vulnerability in Pimcore | In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318. | 8.8 |
2019-09-11 | CVE-2019-0189 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz | The java.io.ObjectInputStream is known to cause Java serialisation issues. | 9.8 |
2019-09-10 | CVE-2017-18605 | Deserialization of Untrusted Data vulnerability in Gravitatedesign Gravitate QA Tracker 1.2.1 | The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection. | 9.8 |
2019-09-10 | CVE-2017-18604 | Deserialization of Untrusted Data vulnerability in Sitebuilder Dynamic Components Project Sitebuilder Dynamic Components 1.0 | The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request. | 7.5 |
2019-09-05 | CVE-2019-14224 | Deserialization of Untrusted Data vulnerability in Alfresco 5.2 | An issue was discovered in Alfresco Community Edition 5.2 201707. | 7.2 |