Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2019-10-12 CVE-2019-17531 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian redhat oracle netapp CWE-502
critical
 9.8
9.8
2019-10-07 CVE-2019-17267 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10.
network
low complexity
fasterxml netapp debian redhat oracle CWE-502
critical
 9.8
9.8
2019-10-05 CVE-2019-17206 Deserialization of Untrusted Data vulnerability in Redis Wrapper Project Redis Wrapper 0.2.0/0.2.1
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts.
network
low complexity
redis-wrapper-project CWE-502
critical
 9.8
9.8
2019-10-04 CVE-2019-16891 Deserialization of Untrusted Data vulnerability in Liferay Portal
Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.
network
low complexity
liferay CWE-502
critical
 9.8
9.8
2019-10-02 CVE-2019-12630 Deserialization of Untrusted Data vulnerability in Cisco Security Manager
A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.
network
low complexity
cisco CWE-502
critical
 9.8
9.8
2019-10-02 CVE-2019-17080 Deserialization of Untrusted Data vulnerability in Linuxmint Mintinstall 7.9.9
mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs.
local
low complexity
linuxmint CWE-502
7.8
7.8
2019-10-01 CVE-2019-16943 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian fedoraproject redhat oracle netapp CWE-502
critical
 9.8
9.8
2019-10-01 CVE-2019-16942 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian fedoraproject redhat netapp oracle CWE-502
critical
 9.8
9.8
2019-09-27 CVE-2019-9373 Deserialization of Untrusted Data vulnerability in Google Android 10.0
In JobStore, there is a mismatched serialization/deserialization for the "battery-not-low" job attribute.
local
low complexity
google CWE-502
5.5
5.5
2019-09-27 CVE-2019-9365 Deserialization of Untrusted Data vulnerability in Google Android 10.0
In Bluetooth, there is a possible deserialization error due to missing string validation.
network
low complexity
google CWE-502
critical
 9.8
9.8