Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-26 | CVE-2021-41078 | Deserialization of Untrusted Data vulnerability in Nameko Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file. | 7.8 |
| 2021-10-25 | CVE-2021-40865 | Deserialization of Untrusted Data vulnerability in Apache Storm An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). | 9.8 |
| 2021-10-21 | CVE-2021-35227 | Deserialization of Untrusted Data vulnerability in Solarwinds Access Rights Manager The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available. | 7.8 |
| 2021-10-13 | CVE-2021-40843 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. | 7.3 |
| 2021-10-11 | CVE-2021-25738 | Deserialization of Untrusted Data vulnerability in Kubernetes Java Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution. | 6.7 |
| 2021-10-07 | CVE-2021-42090 | Deserialization of Untrusted Data vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. | 9.8 |
| 2021-10-06 | CVE-2021-0685 | Deserialization of Untrusted Data vulnerability in Google Android 11.0 In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. | 7.8 |
| 2021-10-01 | CVE-2021-41110 | Deserialization of Untrusted Data vulnerability in Commonwl Cwlviewer cwlviewer is a web application to view and share Common Workflow Language workflows. | 9.8 |
| 2021-09-30 | CVE-2021-41616 | Deserialization of Untrusted Data vulnerability in Apache Ddlutils 1.0 Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. | 9.8 |
| 2021-09-24 | CVE-2021-40102 | Deserialization of Untrusted Data vulnerability in Concretecms Concrete CMS An issue was discovered in Concrete CMS through 8.5.5. | 9.1 |