Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-01 | CVE-2021-35216 | Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager: Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. | 8.8 |
2021-09-01 | CVE-2021-35218 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform: Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. | 8.8 |
2021-08-31 | CVE-2021-36231 | Deserialization of Untrusted Data vulnerability in Unit4 Mik.Starlight 7.9.5.24363: Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects. | 8.8 |
2021-08-31 | CVE-2021-21677 | Deserialization of Untrusted Data vulnerability in Jenkins Code Coverage API: Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability. | 8.8 |
2021-08-31 | CVE-2021-36981 | Deserialization of Untrusted Data vulnerability in Sernet Verinice: In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code. | 8.8 |
2021-08-30 | CVE-2021-39132 | Deserialization of Untrusted Data vulnerability in Pagerduty Rundeck: Rundeck is an open source automation service with a web console, command line tools and a WebAPI. | 8.8 |
2021-08-30 | CVE-2021-34066 | Deserialization of Untrusted Data vulnerability in Edgegallery Developer-Be 0.9/0.9.1: An issue was discovered in EdgeGallery/developer before v1.0. | 9.8 |
2021-08-30 | CVE-2021-21741 | Deserialization of Untrusted Data vulnerability in ZTE Zxv10 M910 Firmware: There is a command execution vulnerability in a ZTE conference management system. | 9.8 |
2021-08-30 | CVE-2021-24579 | Deserialization of Untrusted Data vulnerability in Bold-Themes Bold Page Builder: The `bt_bb_get_grid` AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the `unserialize()` function without any validation or sanitisation, which could lead to a PHP Object Injection. | 8.8 |
2021-08-25 | CVE-2021-21869 | Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0: An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. | 7.8 |