Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2022-04-05 CVE-2020-19229 Deserialization of Untrusted Data vulnerability in Jeesite 1.2.7
Jeesite 1.2.7 uses Apache Shiro version 1.2.3, which is affected by CVE-2016-4437.
network
low complexity
jeesite CWE-502
critical
9.8
2022-04-05 CVE-2021-33207 Deserialization of Untrusted Data vulnerability in Softwareag Mashzone Nextgen 10.7
The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code.
network
low complexity
softwareag CWE-502
critical
9.8
2022-03-29 CVE-2022-1032 Deserialization of Untrusted Data vulnerability in Craterapp Crater
Insecure deserialization of an unvalidated module file in GitHub repository crater-invoice/crater prior to 6.0.6.
network
low complexity
craterapp CWE-502
7.2
2022-03-23 CVE-2021-27460 Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid.
network
low complexity
rockwellautomation CWE-502
critical
9.8
2022-03-23 CVE-2021-27462 Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00
A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data.
network
low complexity
rockwellautomation CWE-502
critical
9.8
2022-03-23 CVE-2021-27466 Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00
A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data.
network
low complexity
rockwellautomation CWE-502
critical
9.8
2022-03-23 CVE-2021-27470 Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00
A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data.
network
low complexity
rockwellautomation CWE-502
critical
9.8
2022-03-23 CVE-2021-27475 Deserialization of Untrusted Data vulnerability in Rockwellautomation Connected Components Workbench 12.00.00
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized.
local
low complexity
rockwellautomation CWE-502
8.6
2022-03-17 CVE-2022-26503 Deserialization of Untrusted Data vulnerability in Veeam
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.
local
low complexity
veeam CWE-502
7.8
2022-03-17 CVE-2022-0749 Deserialization of Untrusted Data vulnerability in Singoo Singoocms.Utility
This affects all versions of package SinGooCMS.Utility.
network
low complexity
singoo CWE-502
critical
9.8