Vulnerabilities > Deserialization of Untrusted Data

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2020-04-29 | CVE-2020-12469 | Deserialization of Untrusted Data vulnerability in Intelliants Subrion | admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit. | network | low complexity | intelliants CWE-502 | 6.5 |
| 2020-04-27 | CVE-2020-12133 | Deserialization of Untrusted Data vulnerability in Farukawa Electric Consciousmap | The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization. | network | low complexity | farukawa CWE-502 | critical 9.8 |
| 2020-04-22 | CVE-2020-10915 | Deserialization of Untrusted Data vulnerability in Veeam ONE 9.5.4.4587 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. | network | low complexity | veeam CWE-502 | critical 9.8 |
| 2020-04-22 | CVE-2020-10914 | Deserialization of Untrusted Data vulnerability in Veeam ONE 9.5.4.4587 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. | network | low complexity | veeam CWE-502 | critical 9.8 |
| 2020-04-17 | CVE-2020-0082 | Deserialization of Untrusted Data vulnerability in Google Android 10.0 | In ExternalVibration of ExternalVibration.java, there is a possible activation of an arbitrary intent due to unsafe deserialization. | local | low complexity | google CWE-502 | 7.8 |
| 2020-04-16 | CVE-2020-2180 | Deserialization of Untrusted Data vulnerability in Jenkins Amazon Web Services Serverless Application Model 1.2.2 | Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | network | low complexity | jenkins CWE-502 | 8.8 |
| 2020-04-16 | CVE-2020-2179 | Deserialization of Untrusted Data vulnerability in Jenkins Yaml Axis | Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | network | low complexity | jenkins CWE-502 | 8.8 |
| 2020-04-16 | CVE-2020-1964 | Deserialization of Untrusted Data vulnerability in Apache Heron 0.20.0Incubating/0.20.1Incubating/0.20.2Incubating | It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability (CWE-502: Deserialization of Untrusted Data). | network | low complexity | apache CWE-502 | critical 9.8 |
| 2020-04-15 | CVE-2020-4272 | Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. | network | low complexity | ibm CWE-502 | 8.8 |
| 2020-04-15 | CVE-2020-4271 | Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. | network | low complexity | ibm CWE-502 | 6.3 |