Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-08 | CVE-2021-29150 | Deserialization of Untrusted Data vulnerability in Arubanetworks Clearpass Policy Manager A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. | 9.0 |
| 2021-07-06 | CVE-2021-24384 | Deserialization of Untrusted Data vulnerability in Beardev Joomsport The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. | 7.5 |
| 2021-06-30 | CVE-2021-35971 | Deserialization of Untrusted Data vulnerability in Veeam Backup & Replication 10.0 Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting. | 7.5 |
| 2021-06-29 | CVE-2021-22439 | Deserialization of Untrusted Data vulnerability in Huawei Anyoffice V200R006C10 There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. | 9.3 |
| 2021-06-29 | CVE-2021-29485 | Deserialization of Untrusted Data vulnerability in Ratpack Project Ratpack Ratpack is a toolkit for creating web applications. | 6.5 |
| 2021-06-24 | CVE-2021-31649 | Deserialization of Untrusted Data vulnerability in Jfinal In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute | 7.5 |
| 2021-06-22 | CVE-2021-34393 | Deserialization of Untrusted Data vulnerability in Nvidia Jetson Linux Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. | 2.1 |
| 2021-06-22 | CVE-2021-34394 | Deserialization of Untrusted Data vulnerability in Nvidia Jetson Linux Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. | 4.6 |
| 2021-06-21 | CVE-2021-35196 | Deserialization of Untrusted Data vulnerability in Theologeek Manuskript Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() function in settings.py. | 7.8 |
| 2021-06-16 | CVE-2020-9493 | Deserialization of Untrusted Data vulnerability in multiple products A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution. | 9.8 |