Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-03 | CVE-2021-25274 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. | 9.8 |
| 2021-02-03 | CVE-2021-25758 | Deserialization of Untrusted Data vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution. | 7.8 |
| 2021-01-28 | CVE-2021-3160 | Deserialization of Untrusted Data vulnerability in ACA Assuweb 359.3 Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server. | 9.8 |
| 2021-01-28 | CVE-2020-4888 | Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. | 8.8 |
| 2021-01-28 | CVE-2020-4682 | Deserialization of Untrusted Data vulnerability in IBM MQ, MQ Appliance and Websphere MQ IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. | 9.8 |
| 2021-01-26 | CVE-2020-27583 | Deserialization of Untrusted Data vulnerability in IBM Infosphere Information Server 8.5 IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. | 9.8 |
| 2021-01-25 | CVE-2020-17532 | Deserialization of Untrusted Data vulnerability in Apache Java Chassis When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. | 8.8 |
| 2021-01-22 | CVE-2020-12525 | Deserialization of Untrusted Data vulnerability in multiple products M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. | 7.8 |
| 2021-01-18 | CVE-2021-25294 | Deserialization of Untrusted Data vulnerability in Opencats OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. | 9.8 |
| 2021-01-15 | CVE-2021-21249 | Deserialization of Untrusted Data vulnerability in Onedev Project Onedev OneDev is an all-in-one devops platform. | 8.8 |