Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-21 | CVE-2018-20221 | Deserialization of Untrusted Data vulnerability in Deltek Ajera Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are vulnerable to remote code execution via deserialization of untrusted user input from an authenticated user. | 8.8 |
| 2019-03-21 | CVE-2018-19276 | Deserialization of Untrusted Data vulnerability in Openmrs OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body. | 9.8 |
| 2019-03-21 | CVE-2018-12023 | Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. | 7.5 |
| 2019-03-21 | CVE-2018-12022 | Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. | 7.5 |
| 2019-03-07 | CVE-2019-0192 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. | 9.8 |
| 2019-03-06 | CVE-2019-0187 | Deserialization of Untrusted Data vulnerability in Apache Jmeter 4.0/5.0 Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). | 9.8 |
| 2019-02-27 | CVE-2019-9212 | Deserialization of Untrusted Data vulnerability in Antfin Sofa-Hessian SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. | 9.8 |
| 2019-02-21 | CVE-2019-6340 | Deserialization of Untrusted Data vulnerability in Drupal Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. | 8.1 |
| 2019-02-04 | CVE-2019-1000005 | Deserialization of Untrusted Data vulnerability in Mpdf Project Mpdf mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/ImageProcessor class that can result in Arbitry code execution, file write, etc.. | 8.8 |
| 2019-01-22 | CVE-2019-6503 | Deserialization of Untrusted Data vulnerability in Chatopera Cosin 3.10.0 There is a deserialization vulnerability in Chatopera cosin v3.10.0. | 9.8 |