Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-15 | CVE-2021-23338 | Deserialization of Untrusted Data vulnerability in Microsoft Qlib This affects all versions of package qlib. | 6.5 |
| 2021-02-14 | CVE-2021-27213 | Deserialization of Untrusted Data vulnerability in Pystemon Project Pystemon config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used. | 7.5 |
| 2021-02-12 | CVE-2020-27868 | Deserialization of Untrusted Data vulnerability in Qognify Ocularis 5.9.0.395 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis 5.9.0.395. | 10.0 |
| 2021-02-08 | CVE-2021-26915 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet. | 9.3 |
| 2021-02-08 | CVE-2021-26914 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject. | 9.3 |
| 2021-02-08 | CVE-2021-26913 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet. | 9.3 |
| 2021-02-08 | CVE-2021-26912 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet. | 9.3 |
| 2021-02-03 | CVE-2021-25274 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. | 10.0 |
| 2021-02-03 | CVE-2021-25758 | Deserialization of Untrusted Data vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution. | 4.6 |
| 2021-01-28 | CVE-2021-3160 | Deserialization of Untrusted Data vulnerability in ACA Assuweb 359.3 Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server. | 7.5 |