Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-12 | CVE-2020-36282 | Deserialization of Untrusted Data vulnerability in Rabbitmq JMS Client: JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data. | 9.8 |
2021-03-11 | CVE-2020-29045 | Deserialization of Untrusted Data vulnerability in Fivestarplugins Five Star Restaurant Menu: The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdm_cart cookie in load_cart_from_cookie in includes/class-cart-manager.php. | 7.5 |
2021-03-10 | CVE-2021-21371 | Deserialization of Untrusted Data vulnerability in Tenable Jira Cloud: Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. | 4.6 |
2021-03-09 | CVE-2021-21488 | Deserialization of Untrusted Data vulnerability in SAP Netweaver Knowledge Management: Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability. | 4.0 |
2021-03-03 | CVE-2020-29047 | Deserialization of Untrusted Data vulnerability in Thimpress WP Hotel Booking: The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in includes/class-wphb-sessions.php. | 7.5 |
2021-03-03 | CVE-2021-20076 | Deserialization of Untrusted Data vulnerability in Tenable Tenable.Sc 5.14.0/5.14.1/5.17.0: Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization. | 6.5 |
2021-03-03 | CVE-2021-26857 | Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server: Microsoft Exchange Server Remote Code Execution Vulnerability | 7.8 |
2021-02-25 | CVE-2021-24066 | Deserialization of Untrusted Data vulnerability in Microsoft products: Microsoft SharePoint Remote Code Execution Vulnerability | 8.8 |
2021-02-18 | CVE-2021-27335 | Deserialization of Untrusted Data vulnerability in Kollectapp Kollect 4.8.16: KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter. | 7.5 |
2021-02-17 | CVE-2021-22855 | Deserialization of Untrusted Data vulnerability in HR Portal Project HR Portal 7.3.2020.1013: The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. | 7.5 |