Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-09-18 | CVE-2020-15188 | Deserialization of Untrusted Data vulnerability in Brassica SOY CMS | SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). | 9.8 |
2020-09-17 | CVE-2020-24750 | Deserialization of Untrusted Data vulnerability in multiple products | FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. | 8.1 |
2020-09-16 | CVE-2020-7532 | Deserialization of Untrusted Data vulnerability in Schneider-Electric Scadapack X70 Security Administrator 1.2.0 | A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator (V1.2.0 and prior) which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer. | 7.8 |
2020-09-16 | CVE-2020-7528 | Deserialization of Untrusted Data vulnerability in Schneider-Electric Scadapack 7X Remote Connect 3.6.3.574 | A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer. | 7.8 |
2020-09-15 | CVE-2020-15172 | Deserialization of Untrusted Data vulnerability in Fluffycogs Project Fluffycogs | The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. | 8.8 |
2020-09-15 | CVE-2020-15148 | Deserialization of Untrusted Data vulnerability in Yiiframework YII | Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. | 10.0 |
2020-09-15 | CVE-2020-4521 | Deserialization of Untrusted Data vulnerability in IBM Maximo Asset Management | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. | 8.8 |
2020-09-11 | CVE-2020-24164 | Deserialization of Untrusted Data vulnerability in Taoensso Nippy | A deserialization flaw is present in Taoensso Nippy before 2.14.2. | 7.8 |
2020-09-11 | CVE-2020-25260 | Deserialization of Untrusted Data vulnerability in Hyland Onbase | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. | 9.8 |
2020-09-11 | CVE-2020-25259 | Deserialization of Untrusted Data vulnerability in Hyland Onbase | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. | 9.8 |