Vulnerabilities > Deserialization of Untrusted Data

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2019-08-22 | CVE-2019-15321 | Deserialization of Untrusted Data vulnerability in Optiontree Project Optiontree | The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled. | network; low complexity; optiontree-project; CWE-502; 7.5 |
| 2019-08-22 | CVE-2019-15320 | Deserialization of Untrusted Data vulnerability in Optiontree Project Optiontree | The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled. | network; low complexity; optiontree-project; CWE-502; 7.5 |
| 2019-08-22 | CVE-2019-15319 | Deserialization of Untrusted Data vulnerability in Optiontree Project Optiontree | The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce. | network; low complexity; optiontree-project; CWE-502; 7.5 |
| 2019-08-22 | CVE-2018-20984 | Deserialization of Untrusted Data vulnerability in Patreon Wordpress | The patreon-connect plugin before 1.2.2 for WordPress has Object Injection. | network; low complexity; patreon; CWE-502; 7.5 |
| 2019-08-20 | CVE-2019-10086 | Deserialization of Untrusted Data vulnerability in multiple products | In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. | 7.3 |
| 2019-08-14 | CVE-2019-0344 | Deserialization of Untrusted Data vulnerability in SAP Commerce Cloud | Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection. | network; low complexity; sap; CWE-502; 7.5 |
| 2019-07-30 | CVE-2019-14439 | Deserialization of Untrusted Data vulnerability in multiple products | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. | 7.5 |
| 2019-07-26 | CVE-2018-11779 | Deserialization of Untrusted Data vulnerability in Apache Storm | In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class. | network; low complexity; apache; CWE-502; critical; 9.8 |
| 2019-07-15 | CVE-2019-1010306 | Deserialization of Untrusted Data vulnerability in Teller Slanger 0.6.0 | Slanger 0.6.0 is affected by: Remote Code Execution (RCE). | network; low complexity; teller; CWE-502; 7.5 |
| 2019-07-11 | CVE-2019-10135 | Deserialization of Untrusted Data vulnerability in Osbs-Client Project Osbs-Client | A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. | network; low complexity; osbs-client-project; CWE-502; 7.2 |