Vulnerabilities > Deserialization of Untrusted Data

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-01-15 | CVE-2021-21247 | Deserialization of Untrusted Data vulnerability in Onedev Project Onedev | OneDev is an all-in-one devops platform. | network | low | onedev-project | CWE-502 | 8.8 |
| 2021-01-15 | CVE-2021-21242 | Deserialization of Untrusted Data vulnerability in Onedev Project Onedev | OneDev is an all-in-one devops platform. | network | low | onedev-project | CWE-502 | critical 9.8 |
| 2021-01-15 | CVE-2021-21243 | Deserialization of Untrusted Data vulnerability in Onedev Project Onedev | OneDev is an all-in-one devops platform. | network | low | onedev-project | CWE-502 | critical 9.8 |
| 2021-01-15 | CVE-2020-24639 | Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave Glass | There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. | network | low | arubanetworks | CWE-502 | critical 9.8 |
| 2021-01-13 | CVE-2020-23653 | Deserialization of Untrusted Data vulnerability in Thinkadmin 4.0/5.0/6.0 | An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution. | network | low | thinkadmin | CWE-502 | critical 9.8 |
| 2021-01-13 | CVE-2021-21604 | Deserialization of Untrusted Data vulnerability in Jenkins | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator. | network | low | jenkins | CWE-502 | 8.0 |
| 2021-01-11 | CVE-2020-26118 | Deserialization of Untrusted Data vulnerability in Smartbear Collaborator | In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. | network | low | smartbear | CWE-502 | 8.8 |
| 2021-01-11 | CVE-2020-11995 | Deserialization of Untrusted Data vulnerability in Apache Dubbo | A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. | network | low | apache | CWE-502 | critical 9.8 |
| 2021-01-07 | CVE-2020-36183 | Deserialization of Untrusted Data vulnerability in multiple products | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. | network | high | fasterxml, netapp, debian, oracle | CWE-502 | 8.1 |
| 2021-01-07 | CVE-2020-36182 | Deserialization of Untrusted Data vulnerability in multiple products | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. | network | high | fasterxml, netapp, debian, oracle | CWE-502 | 8.1 |