Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2021-08-23 CVE-2021-39144 Deserialization of Untrusted Data vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
8.5

2021-08-18 CVE-2021-21867 Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0
An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17.
local
low complexity
codesys CWE-502
7.8

2021-08-18 CVE-2021-21868 Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0
An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17.
local
low complexity
codesys CWE-502
7.8

2021-08-11 CVE-2021-38585 Deserialization of Untrusted Data vulnerability in Cpanel
The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).
network
low complexity
cpanel CWE-502
7.2

2021-08-11 CVE-2021-23420 Deserialization of Untrusted Data vulnerability in Codeception
This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3.
network
low complexity
codeception CWE-502
critical
9.8

2021-08-06 CVE-2021-37544 Deserialization of Untrusted Data vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.
network
low complexity
jetbrains CWE-502
critical
9.8

2021-08-05 CVE-2021-37632 Deserialization of Untrusted Data vulnerability in Config LIB Project Config LIB 1.0.4/1.0.8
SuperMartijn642's Config Lib is a library used by a number of mods for the game Minecraft.
network
high complexity
config-lib-project CWE-502
8.1

2021-08-05 CVE-2021-21863 Deserialization of Untrusted Data vulnerability in Codesys Development System 3.5.16.0/3.5.17.0
An unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17.
local
low complexity
codesys CWE-502
7.8

2021-08-05 CVE-2021-34371 Deserialization of Untrusted Data vulnerability in Neo4J 3.4.18
Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable.
network
low complexity
neo4j CWE-502
critical
9.8

2021-08-04 CVE-2021-36483 Deserialization of Untrusted Data vulnerability in Devexpress
DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization.
network
low complexity
devexpress CWE-502
8.8