Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-15 | CVE-2021-34992 | Deserialization of Untrusted Data vulnerability in Orckestra C1 CMS 6.10. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. | 8.8 |
2021-11-11 | CVE-2021-26558 | Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-UI 4.1.1. Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. | 7.5 |
2021-11-05 | CVE-2021-42698 | Deserialization of Untrusted Data vulnerability in AzeoTech DAQFactory. Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. | 7.8 |
2021-11-05 | CVE-2021-42237 | Deserialization of Untrusted Data vulnerability in Sitecore Experience Platform. Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. | 9.8 |
2021-10-28 | CVE-2021-22097 | Deserialization of Untrusted Data vulnerability in VMware Spring Advanced Message Queuing Protocol. In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. | 6.5 |
2021-10-28 | CVE-2019-19810 | Deserialization of Untrusted Data vulnerability in Eleveo Call Recording 6.3.1. Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. | 10.0 |
2021-10-26 | CVE-2021-41078 | Deserialization of Untrusted Data vulnerability in Nameko. Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file. | 7.8 |
2021-10-25 | CVE-2021-40865 | Deserialization of Untrusted Data vulnerability in Apache Storm. An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). | 9.8 |
2021-10-21 | CVE-2021-35227 | Deserialization of Untrusted Data vulnerability in SolarWinds Access Rights Manager. The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available. | 7.8 |
2021-10-15 | CVE-2021-40720 | Deserialization of Untrusted Data vulnerability in Adobe Ops CLI. Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkout_repo function is called on a maliciously crafted file. | 9.8 |