Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2020-06-19 CVE-2020-8165 Deserialization of Untrusted Data vulnerability in multiple products
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
network
low complexity
rubyonrails debian opensuse CWE-502
critical
 9.8
9.8
2020-06-19 CVE-2020-8164 Deserialization of Untrusted Data vulnerability in multiple products
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.
network
low complexity
rubyonrails debian opensuse CWE-502
7.5
7.5
2020-06-16 CVE-2020-14195 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
8.1
2020-06-14 CVE-2020-14060 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
network
high complexity
fasterxml netapp oracle CWE-502
8.1
8.1
2020-06-14 CVE-2020-14062 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
8.1
2020-06-14 CVE-2020-14061 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
8.1
2020-06-11 CVE-2020-5411 Deserialization of Untrusted Data vulnerability in Pivotal Software Spring Batch
When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution.
network
high complexity
pivotal-software CWE-502
8.1
8.1
2020-06-11 CVE-2020-0132 Deserialization of Untrusted Data vulnerability in Google Android 10.0
In BnAAudioService::onTransact of IAAudioService.cpp, there is a possible out of bounds read due to unsafe deserialization.
local
low complexity
google CWE-502
5.5
5.5
2020-06-10 CVE-2020-4043 Deserialization of Untrusted Data vulnerability in PHPmussel Project PHPmussel
phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper.
network
low complexity
phpmussel-project CWE-502
critical
 9.8
9.8
2020-06-09 CVE-2020-12000 Deserialization of Untrusted Data vulnerability in Inductiveautomation Ignition Gateway
The affected product is vulnerable to the handling of serialized data.
network
low complexity
inductiveautomation CWE-502
7.5
7.5