Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-17 | CVE-2020-35490 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. | 8.1 |
| 2020-12-17 | CVE-2020-22083 | Deserialization of Untrusted Data vulnerability in Jsonpickle Project Jsonpickle jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. | 9.8 |
| 2020-12-14 | CVE-2020-20136 | Deserialization of Untrusted Data vulnerability in Quantconnect Lean 2.3.0.0/2.4.0.1 QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library. | 9.8 |
| 2020-12-11 | CVE-2020-9301 | Deserialization of Untrusted Data vulnerability in Linuxfoundation Spinnaker Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. | 8.8 |
| 2020-12-10 | CVE-2020-17144 | Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2010 Microsoft Exchange Remote Code Execution Vulnerability | 8.4 |
| 2020-12-08 | CVE-2020-17531 | Deserialization of Untrusted Data vulnerability in Apache Tapestry A Java Serialization vulnerability was found in Apache Tapestry 4. | 9.8 |
| 2020-11-19 | CVE-2020-28948 | Deserialization of Untrusted Data vulnerability in multiple products Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. | 7.8 |
| 2020-11-17 | CVE-2020-27131 | Deserialization of Untrusted Data vulnerability in Cisco Security Manager Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. | 9.8 |
| 2020-11-16 | CVE-2020-5664 | Deserialization of Untrusted Data vulnerability in Riken Xoonips Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |
| 2020-11-07 | CVE-2020-28339 | Deserialization of Untrusted Data vulnerability in Collne Welcart E-Commerce The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. | 8.8 |