Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-06 | CVE-2021-44678 | Deserialization of Untrusted Data vulnerability in Veritas Enterprise Vault An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. | 9.8 |
| 2021-12-06 | CVE-2021-44679 | Deserialization of Untrusted Data vulnerability in Veritas Enterprise Vault An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. | 9.8 |
| 2021-12-06 | CVE-2021-44680 | Deserialization of Untrusted Data vulnerability in Veritas Enterprise Vault An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. | 9.8 |
| 2021-12-06 | CVE-2021-44681 | Deserialization of Untrusted Data vulnerability in Veritas Enterprise Vault An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. | 9.8 |
| 2021-12-06 | CVE-2021-44682 | Deserialization of Untrusted Data vulnerability in Veritas Enterprise Vault An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. | 9.8 |
| 2021-12-06 | CVE-2021-36564 | Deserialization of Untrusted Data vulnerability in Thinkphp 6.0.8 ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php. | 9.8 |
| 2021-12-06 | CVE-2021-36567 | Deserialization of Untrusted Data vulnerability in Thinkphp 6.0.8 ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache. | 9.8 |
| 2021-12-03 | CVE-2021-23758 | Deserialization of Untrusted Data vulnerability in Ajaxpro.2 Project Ajaxpro.2 2.9.17.2/6.10.6.2 All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution. | 9.8 |
| 2021-12-01 | CVE-2021-43360 | Deserialization of Untrusted Data vulnerability in SUN Ehrd 8/9 Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services. | 8.8 |
| 2021-11-30 | CVE-2021-22095 | Deserialization of Untrusted Data vulnerability in VMWare Spring Advanced Message Queuing Protocol In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. | 6.5 |