Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-15 | CVE-2019-14540 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. | 9.8 |
| 2019-09-14 | CVE-2019-16317 | Deserialization of Untrusted Data vulnerability in Pimcore In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318. | 6.5 |
| 2019-09-11 | CVE-2019-0189 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz The java.io.ObjectInputStream is known to cause Java serialisation issues. | 9.8 |
| 2019-09-05 | CVE-2019-14224 | Deserialization of Untrusted Data vulnerability in Alfresco 5.2 An issue was discovered in Alfresco Community Edition 5.2 201707. | 9.0 |
| 2019-09-05 | CVE-2019-5069 | Deserialization of Untrusted Data vulnerability in Epignosishq Efront LMS A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. | 6.5 |
| 2019-09-05 | CVE-2018-11569 | Deserialization of Untrusted Data vulnerability in Eventum Project Eventum 3.5.0/3.5.1 Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. | 7.5 |
| 2019-08-29 | CVE-2019-15780 | Deserialization of Untrusted Data vulnerability in Strategy11 Formidable Form Builder The formidable plugin before 4.02.01 for WordPress has unsafe deserialization. | 7.5 |
| 2019-08-26 | CVE-2019-15521 | Deserialization of Untrusted Data vulnerability in multiple products Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object. | 7.5 |
| 2019-08-22 | CVE-2018-20987 | Deserialization of Untrusted Data vulnerability in Tribulant Newsletters The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection. | 7.5 |
| 2019-08-22 | CVE-2019-11030 | Deserialization of Untrusted Data vulnerability in Mirasys VMS 7.6.0/8.0.0/8.3.1 Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. | 10.0 |