Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-06 | CVE-2021-44682 | Deserialization of Untrusted Data vulnerability in Veritas Enterprise Vault An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. | 9.8 |
| 2021-12-06 | CVE-2021-36564 | Deserialization of Untrusted Data vulnerability in Thinkphp 6.0.8 ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php. | 9.8 |
| 2021-12-06 | CVE-2021-36567 | Deserialization of Untrusted Data vulnerability in Thinkphp 6.0.8 ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache. | 9.8 |
| 2021-12-03 | CVE-2021-23758 | Deserialization of Untrusted Data vulnerability in Ajaxpro.2 Project Ajaxpro.2 2.9.17.2/6.10.6.2 All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution. | 9.8 |
| 2021-11-30 | CVE-2021-22095 | Deserialization of Untrusted Data vulnerability in VMWare Spring Advanced Message Queuing Protocol In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. | 6.5 |
| 2021-11-15 | CVE-2021-34992 | Deserialization of Untrusted Data vulnerability in Orckestra C1 CMS 6.10 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. | 8.8 |
| 2021-11-11 | CVE-2021-26558 | Deserialization of Untrusted Data vulnerability in Apache Shardingsphere-Ui 4.1.1 Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. | 7.5 |
| 2021-11-05 | CVE-2021-42237 | Deserialization of Untrusted Data vulnerability in Sitecore Experience Platform Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. | 9.8 |
| 2021-10-28 | CVE-2021-22097 | Deserialization of Untrusted Data vulnerability in VMWare Spring Advanced Message Queuing Protocol In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. | 6.5 |
| 2021-10-28 | CVE-2019-19810 | Deserialization of Untrusted Data vulnerability in Eleveo Call Recording 6.3.1 Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. | 10.0 |