Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-15 | CVE-2019-16335 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. | 9.8 |
| 2019-09-15 | CVE-2019-14540 | Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. | 9.8 |
| 2019-09-14 | CVE-2019-16317 | Deserialization of Untrusted Data vulnerability in Pimcore In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318. | 8.8 |
| 2019-09-11 | CVE-2019-0189 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz The java.io.ObjectInputStream is known to cause Java serialisation issues. | 9.8 |
| 2019-09-10 | CVE-2017-18605 | Deserialization of Untrusted Data vulnerability in Gravitatedesign Gravitate QA Tracker 1.2.1 The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection. | 9.8 |
| 2019-09-10 | CVE-2017-18604 | Deserialization of Untrusted Data vulnerability in Sitebuilder Dynamic Components Project Sitebuilder Dynamic Components 1.0 The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request. | 7.5 |
| 2019-09-05 | CVE-2019-14224 | Deserialization of Untrusted Data vulnerability in Alfresco 5.2 An issue was discovered in Alfresco Community Edition 5.2 201707. | 7.2 |
| 2019-09-05 | CVE-2019-5069 | Deserialization of Untrusted Data vulnerability in Epignosishq Efront LMS A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. | 8.8 |
| 2019-09-05 | CVE-2018-11569 | Deserialization of Untrusted Data vulnerability in Eventum Project Eventum 3.5.0/3.5.1 Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. | 9.8 |
| 2019-08-29 | CVE-2019-15780 | Deserialization of Untrusted Data vulnerability in Strategy11 Formidable Form Builder The formidable plugin before 4.02.01 for WordPress has unsafe deserialization. | 9.8 |