Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-20 | CVE-2019-17571 | Deserialization of Untrusted Data vulnerability in multiple products Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. | 9.8 |
| 2019-12-19 | CVE-2019-19909 | Deserialization of Untrusted Data vulnerability in SFU Open Journal System An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. | 8.8 |
| 2019-12-18 | CVE-2019-8662 | Deserialization of Untrusted Data vulnerability in Apple products This issue was addressed with improved checks. | 9.8 |
| 2019-12-17 | CVE-2019-19849 | Deserialization of Untrusted Data vulnerability in Typo3 An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. | 8.8 |
| 2019-12-17 | CVE-2019-18956 | Deserialization of Untrusted Data vulnerability in Divisait products Divisa Proxia Suite 9 < 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 and 9.7.10, 10.0 < 10.0.32, and 10.1 < 10.1.5, SparkSpace 1.0 < 1.0.30, 1.1 < 1.1.2, and 1.2 < 1.2.4, and Proxia PHR 1.0 < 1.0.30 and 1.1 < 1.1.2 allows remote code execution via untrusted Java deserialization. | 9.8 |
| 2019-12-16 | CVE-2019-19826 | Deserialization of Untrusted Data vulnerability in Drupal Views Dynamic Field The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. | 9.8 |
| 2019-12-15 | CVE-2014-3699 | Deserialization of Untrusted Data vulnerability in Redhat Edeploy and Jboss Enterprise web Server eDeploy has RCE via cPickle deserialization of untrusted data | 9.8 |
| 2019-12-12 | CVE-2019-16774 | Deserialization of Untrusted Data vulnerability in PHPfastcache In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver. | 9.8 |
| 2019-12-12 | CVE-2019-18316 | Deserialization of Untrusted Data vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 9.8 |
| 2019-12-12 | CVE-2019-18283 | Deserialization of Untrusted Data vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 9.8 |