Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-15 | CVE-2020-13092 | Deserialization of Untrusted Data vulnerability in Scikit-Learn scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. | 9.8 |
| 2020-05-15 | CVE-2020-13091 | Deserialization of Untrusted Data vulnerability in Numfocus Pandas pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. | 9.8 |
| 2020-05-14 | CVE-2020-11973 | Deserialization of Untrusted Data vulnerability in multiple products Apache Camel Netty enables Java deserialization by default. | 9.8 |
| 2020-05-14 | CVE-2020-11972 | Deserialization of Untrusted Data vulnerability in multiple products Apache Camel RabbitMQ enables Java deserialization by default. | 9.8 |
| 2020-05-14 | CVE-2020-11067 | Deserialization of Untrusted Data vulnerability in Typo3 In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. | 8.8 |
| 2020-05-13 | CVE-2019-16112 | Deserialization of Untrusted Data vulnerability in Tylertech Eagle 2018.3.11 TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI. | 8.8 |
| 2020-05-11 | CVE-2020-12760 | Deserialization of Untrusted Data vulnerability in Opennms Horizon and Opennms Meridian An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. | 8.8 |
| 2020-05-08 | CVE-2020-5741 | Deserialization of Untrusted Data vulnerability in Plex Media Server Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. | 7.2 |
| 2020-05-06 | CVE-2020-2189 | Deserialization of Untrusted Data vulnerability in Jenkins Source Code Management Filter Jervis 0.1/0.2/0.2.1 Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |
| 2020-04-29 | CVE-2020-12471 | Deserialization of Untrusted Data vulnerability in Mono Monox 5.1.40.5152 MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler. | 9.8 |