Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-22 | CVE-2019-6338 | Deserialization of Untrusted Data vulnerability in multiple products In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. | 8.0 |
| 2019-01-17 | CVE-2018-20732 | Deserialization of Untrusted Data vulnerability in SAS web Infrastructure Platform 9.4 SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant. | 9.8 |
| 2019-01-16 | CVE-2019-6446 | Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in NumPy 1.16.0 and earlier. | 9.8 |
| 2019-01-15 | CVE-2018-20718 | Deserialization of Untrusted Data vulnerability in Pydio In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. | 9.8 |
| 2019-01-09 | CVE-2018-6162 | Deserialization of Untrusted Data vulnerability in multiple products Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2019-01-02 | CVE-2018-19362 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. | 9.8 |
| 2019-01-02 | CVE-2018-19361 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. | 9.8 |
| 2019-01-02 | CVE-2018-19360 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. | 9.8 |
| 2019-01-02 | CVE-2018-14720 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. | 9.8 |
| 2019-01-02 | CVE-2018-14719 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. | 9.8 |