Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-22 | CVE-2018-20984 | Deserialization of Untrusted Data vulnerability in Patreon Wordpress The patreon-connect plugin before 1.2.2 for WordPress has Object Injection. | 9.8 |
| 2019-08-20 | CVE-2019-10086 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. | 7.3 |
| 2019-08-14 | CVE-2019-0344 | Deserialization of Untrusted Data vulnerability in SAP Commerce Cloud Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection. | 9.8 |
| 2019-07-30 | CVE-2019-14439 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. | 7.5 |
| 2019-07-26 | CVE-2018-11779 | Deserialization of Untrusted Data vulnerability in Apache Storm In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class. | 9.8 |
| 2019-07-15 | CVE-2019-1010306 | Deserialization of Untrusted Data vulnerability in Teller Slanger 0.6.0 Slanger 0.6.0 is affected by: Remote Code Execution (RCE). | 9.8 |
| 2019-07-11 | CVE-2019-10135 | Deserialization of Untrusted Data vulnerability in Osbs-Client Project Osbs-Client A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. | 7.2 |
| 2019-07-09 | CVE-2018-11307 | Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. | 9.8 |
| 2019-07-09 | CVE-2019-12747 | Deserialization of Untrusted Data vulnerability in Typo3 TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data. | 8.8 |
| 2019-06-24 | CVE-2019-12384 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. | 5.9 |