Vulnerabilities > Deserialization of Untrusted Data

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-09-09 | CVE-2021-32836 | Deserialization of Untrusted Data vulnerability in Zstack | ZStack is open source IaaS (infrastructure as a service) software. | network | high | zstack | CWE-502 | 8.1 |
| 2021-09-08 | CVE-2021-35217 | Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager | Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. | network | low | solarwinds | CWE-502 | 8.8 |
| 2021-09-07 | CVE-2021-36163 | Deserialization of Untrusted Data vulnerability in Apache Dubbo | In Apache Dubbo, users may choose to use the Hessian protocol. | network | low | apache | CWE-502 | 9.8 (critical) |
| 2021-09-06 | CVE-2021-32568 | Deserialization of Untrusted Data vulnerability in Mrdoc | mrdoc is vulnerable to Deserialization of Untrusted Data | local | low | mrdoc | CWE-502 | 7.8 |
| 2021-09-01 | CVE-2021-35215 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform | Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. | network | low | solarwinds | CWE-502 | 8.8 |
| 2021-09-01 | CVE-2021-35216 | Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager | Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. | network | low | solarwinds | CWE-502 | 8.8 |
| 2021-09-01 | CVE-2021-35218 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform | Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. | network | low | solarwinds | CWE-502 | 8.8 |
| 2021-08-31 | CVE-2021-36231 | Deserialization of Untrusted Data vulnerability in Unit4 Mik.Starlight 7.9.5.24363 | Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects. | network | low | unit4 | CWE-502 | 8.8 |
| 2021-08-31 | CVE-2021-21677 | Deserialization of Untrusted Data vulnerability in Jenkins Code Coverage API | Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability. | network | low | jenkins | CWE-502 | 8.8 |
| 2021-08-31 | CVE-2021-36981 | Deserialization of Untrusted Data vulnerability in Sernet Verinice | In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code. | network | low | sernet | CWE-502 | 8.8 |