Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2019-04-02 CVE-2018-12679 Deserialization of Untrusted Data vulnerability in Coapthon3 Project Coapthon3 1.0/1.0.1
The Serialize.deserialize() method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, example collect CoAP server and client) when they receive crafted CoAP messages.
network
low complexity
coapthon3-project CWE-502
7.5
2019-03-28 CVE-2017-18365 Deserialization of Untrusted Data vulnerability in Github
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code.
network
low complexity
github CWE-502
critical
9.8
2019-03-26 CVE-2019-10068 Deserialization of Untrusted Data vulnerability in Kentico
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions.
network
low complexity
kentico CWE-502
critical
9.8
2019-03-26 CVE-2019-9055 Deserialization of Untrusted Data vulnerability in Cmsmadesimple CMS Made Simple
An issue was discovered in CMS Made Simple 2.2.8.
network
low complexity
cmsmadesimple CWE-502
8.8
2019-03-21 CVE-2019-7539 Deserialization of Untrusted Data vulnerability in Ipycache Project Ipycache 20160531
A code injection issue was discovered in ipycache through 2016-05-31.
network
low complexity
ipycache-project CWE-502
8.8
2019-03-21 CVE-2018-20221 Deserialization of Untrusted Data vulnerability in Deltek Ajera
Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior is vulnerable to remote code execution via deserialization of untrusted user input from an authenticated user.
network
low complexity
deltek CWE-502
8.8
2019-03-21 CVE-2018-19276 Deserialization of Untrusted Data vulnerability in Openmrs
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
network
low complexity
openmrs CWE-502
critical
9.8
2019-03-21 CVE-2018-12023 Deserialization of Untrusted Data vulnerability in multiple products
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6.
7.5
2019-03-21 CVE-2018-12022 Deserialization of Untrusted Data vulnerability in multiple products
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6.
7.5
2019-03-07 CVE-2019-0192 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows configuring the JMX server via an HTTP POST request.
network
low complexity
apache netapp CWE-502
critical
9.8