Vulnerabilities > Deserialization of Untrusted Data

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2019-07-26 | CVE-2018-11779 | Deserialization of Untrusted Data vulnerability in Apache Storm | In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class. | network | low | apache | CWE-502 | critical | 9.8 |
| 2019-07-15 | CVE-2019-1010306 | Deserialization of Untrusted Data vulnerability in Teller Slanger 0.6.0 | Slanger 0.6.0 is affected by: Remote Code Execution (RCE). | network | low | teller | CWE-502 | critical | 9.8 |
| 2019-07-11 | CVE-2019-10135 | Deserialization of Untrusted Data vulnerability in Osbs-Client Project Osbs-Client | A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. | network | low | osbs-client-project | CWE-502 | | 7.2 |
| 2019-07-09 | CVE-2018-11307 | Deserialization of Untrusted Data vulnerability in multiple products | An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. | network | low | fasterxml, redhat, oracle | CWE-502 | critical | 9.8 |
| 2019-07-09 | CVE-2019-12747 | Deserialization of Untrusted Data vulnerability in Typo3 | TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data. | network | low | typo3 | CWE-502 | | 8.8 |
| 2019-06-24 | CVE-2019-12384 | Deserialization of Untrusted Data vulnerability in multiple products | FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. | network | high | fasterxml, debian, redhat | CWE-502 | | 5.9 |
| 2019-06-21 | CVE-2019-11011 | Deserialization of Untrusted Data vulnerability in Akamai Cloudtest | Akamai CloudTest before 58.30 allows remote code execution. | network | low | akamai | CWE-502 | critical | 9.8 |
| 2019-06-20 | CVE-2018-15890 | Deserialization of Untrusted Data vulnerability in Ethereum Ethereumj 1.8.2 | An issue was discovered in EthereumJ 1.8.2. | network | low | ethereum | CWE-502 | critical | 9.8 |
| 2019-06-19 | CVE-2019-12814 | Deserialization of Untrusted Data vulnerability in multiple products | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. | network | high | fasterxml, debian | CWE-502 | | 5.9 |
| 2019-06-18 | CVE-2019-12868 | Deserialization of Untrusted Data vulnerability in Misp 2.4.109 | app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization. | network | low | misp | CWE-502 | | 7.2 |