Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-22 | CVE-2020-10917 | Deserialization of Untrusted Data vulnerability in NEC Esmpro Manager 6.42: This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. | 9.8 |
2020-07-22 | CVE-2020-9664 | Deserialization of Untrusted Data vulnerability in Magento: Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier, have a PHP object injection vulnerability. | 9.8 |
2020-07-20 | CVE-2020-15842 | Deserialization of Untrusted Data vulnerability in Liferay Portal: Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization. | 8.1 |
2020-07-17 | CVE-2020-4464 | Deserialization of Untrusted Data vulnerability in IBM Websphere Application Server: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. | 8.8 |
2020-07-17 | CVE-2020-11982 | Deserialization of Untrusted Data vulnerability in Apache Airflow: An issue was found in Apache Airflow versions 1.10.10 and below. | 9.8 |
2020-07-16 | CVE-2020-12015 | Deserialization of Untrusted Data vulnerability in multiple products: A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. | 7.5 |
2020-07-16 | CVE-2020-12007 | Deserialization of Untrusted Data vulnerability in multiple products: A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. | 9.8 |
2020-07-16 | CVE-2020-12009 | Deserialization of Untrusted Data vulnerability in multiple products: A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. | 7.5 |
2020-07-16 | CVE-2020-14000 | Deserialization of Untrusted Data vulnerability in MIT Scratch-Vm: MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. | 9.8 |
2020-07-15 | CVE-2020-9496 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz 17.12.03: XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03. | 6.1 |