Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-09 | CVE-2018-11307 | Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. | 9.8 |
2019-07-09 | CVE-2019-12747 | Deserialization of Untrusted Data vulnerability in Typo3 TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data. | 8.8 |
2019-06-24 | CVE-2019-12384 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. | 5.9 |
2019-06-21 | CVE-2019-11011 | Deserialization of Untrusted Data vulnerability in Akamai Cloudtest Akamai CloudTest before 58.30 allows remote code execution. | 7.5 |
2019-06-20 | CVE-2018-15890 | Deserialization of Untrusted Data vulnerability in Ethereum Ethereumj 1.8.2 An issue was discovered in EthereumJ 1.8.2. | 10.0 |
2019-06-19 | CVE-2019-12814 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. | 5.9 |
2019-06-18 | CVE-2019-12868 | Deserialization of Untrusted Data vulnerability in Misp 2.4.109 app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization. | 7.2 |
2019-06-13 | CVE-2019-12799 | Deserialization of Untrusted Data vulnerability in Shopware In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. | 8.8 |
2019-06-12 | CVE-2019-7840 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018 ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. | 10.0 |
2019-06-12 | CVE-2019-0305 | Deserialization of Untrusted Data vulnerability in SAP Netweaver Process Integration Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability. | 4.3 |