Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-17 | CVE-2020-9006 | Deserialization of Untrusted Data vulnerability in Sygnoos Popup Builder The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. | 9.8 |
| 2020-02-13 | CVE-2020-8801 | Deserialization of Untrusted Data vulnerability in Salesagility Suitecrm SuiteCRM through 7.11.11 allows PHAR Deserialization. | 7.2 |
| 2020-02-12 | CVE-2020-2123 | Deserialization of Untrusted Data vulnerability in Jenkins Radargun Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |
| 2020-02-11 | CVE-2020-0618 | Deserialization of Untrusted Data vulnerability in Microsoft SQL Server 2012/2014/2016 A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'. | 8.8 |
| 2020-02-10 | CVE-2020-8840 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. | 9.8 |
| 2020-02-07 | CVE-2020-6770 | Deserialization of Untrusted Data vulnerability in Bosch products Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. | 9.8 |
| 2020-02-06 | CVE-2013-4521 | Deserialization of Untrusted Data vulnerability in Nuxeo 5.6.0/5.8.0 RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. | 9.8 |
| 2020-01-29 | CVE-2020-3716 | Deserialization of Untrusted Data vulnerability in Magento Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. | 9.8 |
| 2020-01-23 | CVE-2019-17570 | Deserialization of Untrusted Data vulnerability in multiple products An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. | 9.8 |
| 2020-01-22 | CVE-2020-6959 | Deserialization of Untrusted Data vulnerability in Honeywell products The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. | 9.8 |