Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-24 | CVE-2021-41588 | Deserialization of Untrusted Data vulnerability in Gradle In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. | 8.1 |
| 2021-09-22 | CVE-2021-31819 | Deserialization of Untrusted Data vulnerability in Octopus Halibut In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification. | 9.8 |
| 2021-09-15 | CVE-2021-39392 | Deserialization of Untrusted Data vulnerability in Mylittletools Mylittlebackup 1.7 The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code. | 9.8 |
| 2021-09-10 | CVE-2021-24040 | Deserialization of Untrusted Data vulnerability in Facebook Parlai Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. | 9.8 |
| 2021-09-09 | CVE-2021-37579 | Deserialization of Untrusted Data vulnerability in Apache Dubbo The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. | 9.8 |
| 2021-09-09 | CVE-2021-32836 | Deserialization of Untrusted Data vulnerability in Zstack ZStack is open source IaaS(infrastructure as a service) software. | 8.1 |
| 2021-09-08 | CVE-2021-35217 | Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. | 8.8 |
| 2021-09-07 | CVE-2021-36163 | Deserialization of Untrusted Data vulnerability in Apache Dubbo In Apache Dubbo, users may choose to use the Hessian protocol. | 9.8 |
| 2021-09-06 | CVE-2021-32568 | Deserialization of Untrusted Data vulnerability in Mrdoc mrdoc is vulnerable to Deserialization of Untrusted Data | 7.8 |
| 2021-09-01 | CVE-2021-35215 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. | 8.8 |