Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-10 | CVE-2021-3040 | Deserialization of Untrusted Data vulnerability in Paloaltonetworks Bridgecrew Checkov: An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. | 6.5 |
2021-06-06 | CVE-2021-33898 | Deserialization of Untrusted Data vulnerability in Invoiceninja Invoice Ninja: In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. | 6.8 |
2021-06-03 | CVE-2021-33806 | Deserialization of Untrusted Data vulnerability in Bdew Bdlib: The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization. | 7.5 |
2021-06-02 | CVE-2021-23894 | Deserialization of Untrusted Data vulnerability in Mcafee Database Security 4.6.6/4.8.0: Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server. | 8.8 |
2021-06-02 | CVE-2021-23895 | Deserialization of Untrusted Data vulnerability in Mcafee Database Security 4.6.6/4.8.0: Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server. | 8.0 |
2021-06-01 | CVE-2021-25641 | Deserialization of Untrusted Data vulnerability in Apache Dubbo: Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. | 7.5 |
2021-06-01 | CVE-2021-30179 | Deserialization of Untrusted Data vulnerability in Apache Dubbo: Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. | 9.8 |
2021-05-31 | CVE-2021-33790 | Deserialization of Untrusted Data vulnerability in Techreborn Reborncore: The RebornCore library before 4.7.3 allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of reborncore.common.network.ExtendedPacketBuffer. | 7.5 |
2021-05-28 | CVE-2021-29505 | Deserialization of Untrusted Data vulnerability in multiple products: XStream is software for serializing Java objects to XML and back again. | 8.8 |
2021-05-27 | CVE-2021-27852 | Deserialization of Untrusted Data vulnerability in Checkbox Survey: Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. | 9.8 |