Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2020-01-22 CVE-2020-6959 Deserialization of Untrusted Data vulnerability in Honeywell products
The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data.
network
low complexity
honeywell CWE-502
7.5
2020-01-17 CVE-2019-17635 Deserialization of Untrusted Data vulnerability in Eclipse Memory Analyzer 1.9.1
Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer.
network
eclipse CWE-502
6.8
2020-01-15 CVE-2020-2604 Deserialization of Untrusted Data vulnerability in multiple products
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).
8.1
2020-01-15 CVE-2020-2555 Deserialization of Untrusted Data vulnerability in Oracle products
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation).
network
low complexity
oracle CWE-502
critical
9.8
2020-01-08 CVE-2019-17076 Deserialization of Untrusted Data vulnerability in Jamf
An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1.
network
low complexity
jamf CWE-502
7.5
2020-01-08 CVE-2014-1860 Deserialization of Untrusted Data vulnerability in Contao CMS
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities
network
low complexity
contao CWE-502
7.5
2020-01-03 CVE-2019-20330 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
network
low complexity
fasterxml oracle debian netapp CWE-502
critical
9.8
2020-01-02 CVE-2016-1000027 Deserialization of Untrusted Data vulnerability in VMWare Spring Framework
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data.
network
low complexity
vmware CWE-502
critical
9.8
2019-12-31 CVE-2019-14466 Deserialization of Untrusted Data vulnerability in multiple products
The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.
network
low complexity
gosa-project debian CWE-502
5.5
2019-12-30 CVE-2019-19470 Deserialization of Untrusted Data vulnerability in Tinywall
Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\SYSTEM for a local attacker.
local
low complexity
tinywall CWE-502
7.2