Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-05 | CVE-2019-5350 | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 8.8 |
| 2019-06-05 | CVE-2019-11945 | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 9.8 |
| 2019-06-05 | CVE-2019-11944 | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 9.8 |
| 2019-05-31 | CVE-2019-10069 | Deserialization of Untrusted Data vulnerability in Godotengine Godot In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly. | 9.8 |
| 2019-05-31 | CVE-2019-9875 | Deserialization of Untrusted Data vulnerability in Sitecore CMS Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter. | 8.8 |
| 2019-05-31 | CVE-2019-9874 | Deserialization of Untrusted Data vulnerability in Sitecore CMS and Experience Platform Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN. | 9.8 |
| 2019-05-29 | CVE-2019-6980 | Deserialization of Untrusted Data vulnerability in Synacor Zimbra Collaboration Suite Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component. | 9.8 |
| 2019-05-24 | CVE-2019-7091 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018 ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. | 9.8 |
| 2019-05-24 | CVE-2017-18375 | Deserialization of Untrusted Data vulnerability in Ampache 3.8.3 Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php. | 8.8 |
| 2019-05-24 | CVE-2016-10753 | Deserialization of Untrusted Data vulnerability in E107 2.1.2 e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC. | 8.8 |