Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-04 | CVE-2020-26207 | Deserialization of Untrusted Data vulnerability in Databaseschemareader Project Dbschemareader DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. | 8.0 |
| 2020-11-02 | CVE-2020-28032 | Deserialization of Untrusted Data vulnerability in multiple products WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. | 9.8 |
| 2020-10-22 | CVE-2020-10721 | Deserialization of Untrusted Data vulnerability in Redhat Fabric8-Maven A flaw was found in the fabric8-maven-plugin 4.0.0 and later. | 7.8 |
| 2020-10-21 | CVE-2020-15244 | Deserialization of Untrusted Data vulnerability in Openmage Magento In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. | 7.2 |
| 2020-10-19 | CVE-2020-24648 | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
| 2020-10-12 | CVE-2020-7811 | Deserialization of Untrusted Data vulnerability in Samsung Update Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-process communication | 7.8 |
| 2020-10-12 | CVE-2020-26867 | Deserialization of Untrusted Data vulnerability in Pcvuesolutions Pcvue 12/8.10 ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server. | 9.8 |
| 2020-10-10 | CVE-2020-26945 | Deserialization of Untrusted Data vulnerability in Mybatis MyBatis before 3.5.6 mishandles deserialization of object streams. | 8.1 |
| 2020-10-08 | CVE-2020-4280 | Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. | 8.8 |
| 2020-09-30 | CVE-2020-14030 | Deserialization of Untrusted Data vulnerability in Ozeki NG SMS Gateway An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. | 7.2 |