Vulnerabilities > Deserialization of Untrusted Data

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2021-02-17 | CVE-2021-22855 | Deserialization of Untrusted Data vulnerability in HR Portal Project HR Portal 7.3.2020.1013 | The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. | hr-portal-project | CWE-502 | network; low complexity; 7.5 |
| 2021-02-15 | CVE-2021-23338 | Deserialization of Untrusted Data vulnerability in Microsoft Qlib | This affects all versions of package qlib. | microsoft | CWE-502 | network; low complexity; 6.5 |
| 2021-02-14 | CVE-2021-27213 | Deserialization of Untrusted Data vulnerability in Pystemon Project Pystemon | config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used. | pystemon-project | CWE-502 | network; low complexity; 7.5 |
| 2021-02-12 | CVE-2020-27868 | Deserialization of Untrusted Data vulnerability in Qognify Ocularis 5.9.0.395 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis 5.9.0.395. | qognify | CWE-502 | network; low complexity; critical; 10.0 |
| 2021-02-08 | CVE-2021-26915 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 | NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet. | netmotionsoftware | CWE-502 | network; critical; 9.3 |
| 2021-02-08 | CVE-2021-26914 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 | NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject. | netmotionsoftware | CWE-502 | network; critical; 9.3 |
| 2021-02-08 | CVE-2021-26913 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 | NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet. | netmotionsoftware | CWE-502 | network; critical; 9.3 |
| 2021-02-08 | CVE-2021-26912 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 | NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet. | netmotionsoftware | CWE-502 | network; critical; 9.3 |
| 2021-02-03 | CVE-2021-25274 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform | The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. | solarwinds | CWE-502 | network; low complexity; critical; 10.0 |
| 2021-02-03 | CVE-2021-25758 | Deserialization of Untrusted Data vulnerability in Jetbrains Intellij Idea | In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to code execution. | jetbrains | CWE-502 | network; low complexity; 7.5 |