Vulnerabilities > Deserialization of Untrusted Data

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-10	CVE-2021-42392	Deserialization of Untrusted Data vulnerability in multiple products The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. network low complexity h2database debian oracle CWE-502 critical	9.8
2022-01-06	CVE-2022-21663	Deserialization of Untrusted Data vulnerability in multiple products WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. network low complexity wordpress debian fedoraproject CWE-502	7.2
2022-01-04	CVE-2022-21647	Deserialization of Untrusted Data vulnerability in Codeigniter CodeIgniter is an open source PHP full-stack web framework. network low complexity codeigniter CWE-502 critical	9.8
2021-12-22	CVE-2021-43853	Deserialization of Untrusted Data vulnerability in Ajax.Net Professional Project Ajax.Net Professional Ajax.NET Professional (AjaxPro) is an AJAX framework available for Microsoft ASP.NET. network low complexity ajax-net-professional-project CWE-502	5.4
2021-12-22	CVE-2021-44029	Deserialization of Untrusted Data vulnerability in Quest Kace Desktop Authority An issue was discovered in Quest KACE Desktop Authority before 11.2. network low complexity quest CWE-502 critical	9.8
2021-12-16	CVE-2021-42550	Deserialization of Untrusted Data vulnerability in multiple products In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. network high complexity qos redhat netapp siemens CWE-502	6.6
2021-12-15	CVE-2021-0970	Deserialization of Untrusted Data vulnerability in Google Android In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. local low complexity google CWE-502	7.8
2021-12-14	CVE-2021-4104	Deserialization of Untrusted Data vulnerability in multiple products JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. network high complexity apache fedoraproject redhat oracle CWE-502	7.5
2021-12-07	CVE-2021-42127	Deserialization of Untrusted Data vulnerability in Ivanti Avalanche A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service. network low complexity ivanti CWE-502 critical	9.8
2021-12-07	CVE-2021-42130	Deserialization of Untrusted Data vulnerability in Ivanti Avalanche A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution. network low complexity ivanti CWE-502	8.8