Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-11 | CVE-2019-19373 | Deserialization of Untrusted Data vulnerability in Squiz Matrix An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST parameter during processing of a Remote Content page type. | 5.0 |
| 2019-12-11 | CVE-2019-18935 | Deserialization of Untrusted Data vulnerability in Telerik UI for Asp.Net Ajax Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. | 9.8 |
| 2019-12-09 | CVE-2019-19230 | Deserialization of Untrusted Data vulnerability in Broadcom Nolio 6.6 An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code. | 7.5 |
| 2019-12-04 | CVE-2019-17556 | Deserialization of Untrusted Data vulnerability in Apache Olingo Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. | 10.0 |
| 2019-11-26 | CVE-2019-18580 | Deserialization of Untrusted Data vulnerability in Dell EMC Storage Monitoring and Reporting 4.3.1 Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. | 10.0 |
| 2019-11-26 | CVE-2019-15271 | Deserialization of Untrusted Data vulnerability in Cisco products A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. | 9.0 |
| 2019-11-20 | CVE-2019-4561 | Deserialization of Untrusted Data vulnerability in IBM Security Identity Manager 6.0.0 IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. | 9.3 |
| 2019-11-12 | CVE-2019-1373 | Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019 A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. | 7.5 |
| 2019-11-06 | CVE-2019-8141 | Deserialization of Untrusted Data vulnerability in Magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. | 6.5 |
| 2019-11-05 | CVE-2019-18631 | Deserialization of Untrusted Data vulnerability in Centrify products The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows attackers to execute arbitrary code inside the Centrify process via (1) a crafted application that makes a pipe connection to the process and sends malicious serialized data or (2) a crafted Microsoft Management Console snap-in control file. | 5.1 |