Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2022-01-18 CVE-2022-23307 Deserialization of Untrusted Data vulnerability in Apache Chainsaw 2.0.0
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw.
network
low complexity
apache CWE-502
critical
10.0
2022-01-10 CVE-2021-43297 Deserialization of Untrusted Data vulnerability in Apache Dubbo
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution.
network
low complexity
apache CWE-502
7.5
2022-01-10 CVE-2021-42392 Deserialization of Untrusted Data vulnerability in H2Database H2
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database.
network
low complexity
h2database CWE-502
critical
10.0
2022-01-04 CVE-2022-21647 Deserialization of Untrusted Data vulnerability in Codeigniter
CodeIgniter is an open source PHP full-stack web framework.
network
low complexity
codeigniter CWE-502
7.5
2021-12-27 CVE-2021-45687 Deserialization of Untrusted Data vulnerability in Raw-Cpuid Project Raw-Cpuid
An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust.
6.8
2021-12-23 CVE-2021-20318 Deserialization of Untrusted Data vulnerability in Redhat Jboss Enterprise Application Platform 7.3.9/7.4.0
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978.
network
low complexity
redhat CWE-502
6.5
2021-12-23 CVE-2021-4118 Deserialization of Untrusted Data vulnerability in Pytorchlightning Pytorch Lightning
pytorch-lightning is vulnerable to Deserialization of Untrusted Data.
6.8
2021-12-22 CVE-2021-44029 Deserialization of Untrusted Data vulnerability in Quest Kace Desktop Authority
An issue was discovered in Quest KACE Desktop Authority before 11.2.
network
low complexity
quest CWE-502
7.5
2021-12-21 CVE-2021-36336 Deserialization of Untrusted Data vulnerability in Dell Wyse Management Suite
Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system.
network
low complexity
dell CWE-502
7.5
2021-12-16 CVE-2021-42550 Deserialization of Untrusted Data vulnerability in multiple products
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration that allows execution of arbitrary code loaded from LDAP servers.
network
qos redhat CWE-502
8.5