Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-27 | CVE-2019-5326 | Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. | 6.5 |
| 2020-02-19 | CVE-2020-8441 | Deserialization of Untrusted Data vulnerability in Jyaml Project Jyaml JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. | 7.5 |
| 2020-02-19 | CVE-2019-20477 | Deserialization of Untrusted Data vulnerability in multiple products PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. | 9.8 |
| 2020-02-12 | CVE-2020-2123 | Deserialization of Untrusted Data vulnerability in Jenkins Radargun Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |
| 2020-02-11 | CVE-2020-0618 | Deserialization of Untrusted Data vulnerability in Microsoft SQL Server 2012/2014/2016 A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'. | 6.5 |
| 2020-02-10 | CVE-2020-8840 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. | 9.8 |
| 2020-02-07 | CVE-2020-6770 | Deserialization of Untrusted Data vulnerability in Bosch products Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. | 10.0 |
| 2020-02-06 | CVE-2013-4521 | Deserialization of Untrusted Data vulnerability in Nuxeo 5.6.0/5.8.0 RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. | 7.5 |
| 2020-01-29 | CVE-2020-3716 | Deserialization of Untrusted Data vulnerability in Magento Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. | 10.0 |
| 2020-01-23 | CVE-2019-17570 | Deserialization of Untrusted Data vulnerability in multiple products An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. | 9.8 |