Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-31 | CVE-2019-18364 | Deserialization of Untrusted Data vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution. | 7.5 |
2019-10-29 | CVE-2019-18601 | Deserialization of Untrusted Data vulnerability in Openafs OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler. | 5.0 |
2019-10-24 | CVE-2019-12017 | Deserialization of Untrusted Data vulnerability in Mapr A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON framework that is used in the CLDB code that handles login and ticket issuance. | 7.5 |
2019-10-16 | CVE-2019-13116 | Deserialization of Untrusted Data vulnerability in Mulesoft Mule Runtime 3.2.0 The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections | 7.5 |
2019-10-12 | CVE-2019-17531 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. | 9.8 |
2019-10-07 | CVE-2019-17267 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. | 9.8 |
2019-10-05 | CVE-2019-17206 | Deserialization of Untrusted Data vulnerability in Redis Wrapper Project Redis Wrapper 0.2.0/0.2.1 Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts. | 7.5 |
2019-10-04 | CVE-2019-16891 | Deserialization of Untrusted Data vulnerability in Liferay Portal Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload. | 9.8 |
2019-10-02 | CVE-2019-12630 | Deserialization of Untrusted Data vulnerability in Cisco Security Manager A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. | 7.5 |
2019-10-02 | CVE-2019-17080 | Deserialization of Untrusted Data vulnerability in Linuxmint Mintinstall 7.9.9 mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. | 6.8 |