Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2020-01-17 CVE-2019-17635 Deserialization of Untrusted Data vulnerability in Eclipse Memory Analyzer
Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer.
local
low complexity
eclipse CWE-502
7.8
7.8
2020-01-15 CVE-2020-2604 Deserialization of Untrusted Data vulnerability in multiple products
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). 		8.1
8.1
2020-01-15 CVE-2020-2555 Deserialization of Untrusted Data vulnerability in Oracle products
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation).
network
low complexity
oracle CWE-502
critical
 9.8
9.8
2020-01-08 CVE-2019-17076 Deserialization of Untrusted Data vulnerability in Jamf
An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1.
network
low complexity
jamf CWE-502
critical
 9.8
9.8
2020-01-08 CVE-2014-1860 Deserialization of Untrusted Data vulnerability in Contao CMS
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities
network
low complexity
contao CWE-502
critical
 9.8
9.8
2020-01-03 CVE-2019-20330 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
network
low complexity
fasterxml oracle debian netapp CWE-502
critical
 9.8
9.8
2020-01-02 CVE-2016-1000027 Deserialization of Untrusted Data vulnerability in VMWare Spring Framework
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data.
network
low complexity
vmware CWE-502
critical
 9.8
9.8
2019-12-31 CVE-2019-14466 Deserialization of Untrusted Data vulnerability in multiple products
The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.
network
low complexity
gosa-project debian CWE-502
6.5
6.5
2019-12-30 CVE-2019-19470 Deserialization of Untrusted Data vulnerability in Tinywall
Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\SYSTEM for a local attacker.
local
low complexity
tinywall CWE-502
7.8
7.8
2019-12-23 CVE-2019-18211 Deserialization of Untrusted Data vulnerability in Orckestra C1 CMS
An issue was discovered in Orckestra C1 CMS through 6.6.
network
low complexity
orckestra CWE-502
8.8
8.8