Vulnerabilities > Deserialization of Untrusted Data

Columns for each entry: date, CVE, vulnerability title, description, attack vector, attack complexity, vendor(s), CWE, risk rating and score (as given on the page; some entries carry no vector or rating label).

2020-09-11  CVE-2020-25258  Deserialization of Untrusted Data vulnerability in Hyland OnBase
    An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below.
    Vector: network | Complexity: low | Vendor: hyland | CWE-502 | Risk: critical (9.8)

2020-09-11  CVE-2014-1420  Deserialization of Untrusted Data vulnerability in Canonical Ubuntu-Ui-Toolkit 1.1.1188
    On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data.
    Vector: local | Complexity: low | Vendor: canonical | CWE-502 | Risk: 3.3

2020-09-01  CVE-2020-24034  Deserialization of Untrusted Data vulnerability in Sagemcom F@ST 5280 Router Firmware 1.150.61
    Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user.
    Vector: network | Complexity: low | Vendor: sagemcom | CWE-502 | Risk: 8.8

2020-09-01  CVE-2020-17405  Deserialization of Untrusted Data vulnerability in Senstar Symphony 7.3.2.2
    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2.
    Complexity: low | Vendor: senstar | CWE-502 | Risk: 8.8

2020-08-25  CVE-2020-15777  Deserialization of Untrusted Data vulnerability in Gradle Maven
    An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise.
    Vector: local | Complexity: low | Vendor: gradle | CWE-502 | Risk: 7.8

2020-08-25  CVE-2020-24616  Deserialization of Untrusted Data vulnerability in multiple products
    FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
    Vector: network | Complexity: high | Vendors: fasterxml, netapp, oracle, debian | CWE-502 | Risk: 8.1

2020-08-20  CVE-2020-10289  Deserialization of Untrusted Data vulnerability in Openrobotics Robot Operating System
    Use of unsafe yaml load.
    Vector: network | Complexity: low | Vendor: openrobotics | CWE-502 | Risk: 8.8

2020-08-13  CVE-2020-4589  Deserialization of Untrusted Data vulnerability in IBM WebSphere Application Server
    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources.
    Vector: network | Complexity: low | Vendor: ibm | CWE-502 | Risk: critical (9.8)

2020-07-31  CVE-2020-5413  Deserialization of Untrusted Data vulnerability in multiple products
    Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization.
    Vector: network | Complexity: low | Vendors: vmware, oracle | CWE-502 | Risk: critical (9.8)

2020-07-31  CVE-2019-11286  Deserialization of Untrusted Data vulnerability in VMware GemFire and Tanzu GemFire for Virtual Machines
    VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input.
    Vector: network | Complexity: low | Vendor: vmware | CWE-502 | Risk: critical (9.1)