Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-14 | CVE-2021-27213 | Deserialization of Untrusted Data vulnerability in Pystemon Project Pystemon config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used. | 9.8 |
| 2021-02-08 | CVE-2021-26915 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet. | 8.1 |
| 2021-02-08 | CVE-2021-26914 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject. | 8.1 |
| 2021-02-08 | CVE-2021-26913 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet. | 8.1 |
| 2021-02-08 | CVE-2021-26912 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet. | 8.1 |
| 2021-02-03 | CVE-2021-25274 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. | 9.8 |
| 2021-02-03 | CVE-2021-25758 | Deserialization of Untrusted Data vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution. | 7.8 |
| 2021-01-28 | CVE-2021-3160 | Deserialization of Untrusted Data vulnerability in ACA Assuweb 359.3 Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server. | 9.8 |
| 2021-01-28 | CVE-2020-4888 | Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. | 8.8 |
| 2021-01-28 | CVE-2020-4682 | Deserialization of Untrusted Data vulnerability in IBM MQ, MQ Appliance and Websphere MQ IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. | 9.8 |