Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-14 | CVE-2020-1439 | Deserialization of Untrusted Data vulnerability in Microsoft products. A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'. | 8.8 |
2020-07-14 | CVE-2020-1948 | Deserialization of Untrusted Data vulnerability in Apache Dubbo. This vulnerability can affect all Dubbo users who stay on version 2.7.6 or lower. | 9.8 |
2020-07-09 | CVE-2020-4305 | Deserialization of Untrusted Data vulnerability in IBM products. IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. | 8.8 |
2020-07-03 | CVE-2020-14172 | Deserialization of Untrusted Data vulnerability in Atlassian Jira and Jira Software Data Center. This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. | 9.8 |
2020-07-02 | CVE-2020-2211 | Deserialization of Untrusted Data vulnerability in Jenkins Kubernetes CI. Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |
2020-06-26 | CVE-2013-7489 | Deserialization of Untrusted Data vulnerability in Beakerbrowser Beaker. The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution. | 6.8 |
2020-06-22 | CVE-2020-10740 | Deserialization of Untrusted Data vulnerability in Redhat Wildfly. A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in Wildfly. | 7.5 |
2020-06-21 | CVE-2020-14942 | Deserialization of Untrusted Data vulnerability in Tendenci 12.0.10. Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py. | 9.8 |
2020-06-20 | CVE-2020-14933 | Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22. compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. | 8.8 |
2020-06-20 | CVE-2020-14932 | Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22. compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. | 9.8 |