Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-06-02 | CVE-2021-23894 | Deserialization of Untrusted Data vulnerability in McAfee Database Security 4.6.6/4.8.0 | Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server. | 8.8 |
2021-06-02 | CVE-2021-23895 | Deserialization of Untrusted Data vulnerability in McAfee Database Security 4.6.6/4.8.0 | Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server. | 8.0 |
2021-06-01 | CVE-2021-25641 | Deserialization of Untrusted Data vulnerability in Apache Dubbo | Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. | 9.8 |
2021-06-01 | CVE-2021-30179 | Deserialization of Untrusted Data vulnerability in Apache Dubbo | Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. | 9.8 |
2021-05-31 | CVE-2021-33790 | Deserialization of Untrusted Data vulnerability in Techreborn Reborncore | The RebornCore library before 4.7.3 allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of reborncore.common.network.ExtendedPacketBuffer. | 9.8 |
2021-05-27 | CVE-2021-27852 | Deserialization of Untrusted Data vulnerability in Checkbox Survey | Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. | 9.8 |
2021-05-24 | CVE-2021-32075 | Deserialization of Untrusted Data vulnerability in Re-Logic Terraria | Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. | 9.8 |
2021-05-24 | CVE-2021-24307 | Deserialization of Untrusted Data vulnerability in Aioseo ALL in ONE SEO | The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute arbitrary code on the underlying host. | 8.8 |
2021-05-14 | CVE-2021-24280 | Deserialization of Untrusted Data vulnerability in Querysol Redirection for Contact Form 7 | In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects. | 8.8 |
2021-05-13 | CVE-2021-33026 | Deserialization of Untrusted Data vulnerability in Flask-Caching Project Flask-Caching | The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. | 9.8 |