Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-06 | CVE-2021-0685 | Deserialization of Untrusted Data vulnerability in Google Android 11.0 In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. | 7.8 |
| 2021-10-01 | CVE-2021-41110 | Deserialization of Untrusted Data vulnerability in Commonwl Cwlviewer cwlviewer is a web application to view and share Common Workflow Language workflows. | 9.8 |
| 2021-09-30 | CVE-2021-41616 | Deserialization of Untrusted Data vulnerability in Apache Ddlutils 1.0 Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. | 9.8 |
| 2021-09-24 | CVE-2021-40102 | Deserialization of Untrusted Data vulnerability in Concretecms Concrete CMS An issue was discovered in Concrete CMS through 8.5.5. | 9.1 |
| 2021-09-24 | CVE-2021-41588 | Deserialization of Untrusted Data vulnerability in Gradle In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. | 8.1 |
| 2021-09-22 | CVE-2021-31819 | Deserialization of Untrusted Data vulnerability in Octopus Halibut In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification. | 9.8 |
| 2021-09-15 | CVE-2021-39392 | Deserialization of Untrusted Data vulnerability in Mylittletools Mylittlebackup 1.7 The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code. | 9.8 |
| 2021-09-10 | CVE-2021-24040 | Deserialization of Untrusted Data vulnerability in Facebook Parlai Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. | 9.8 |
| 2021-09-09 | CVE-2021-37579 | Deserialization of Untrusted Data vulnerability in Apache Dubbo The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. | 9.8 |
| 2021-09-09 | CVE-2021-32836 | Deserialization of Untrusted Data vulnerability in Zstack ZStack is open source IaaS(infrastructure as a service) software. | 8.1 |