Vulnerabilities > Deserialization of Untrusted Data

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-13	CVE-2021-40843	Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. local low complexity proofpoint CWE-502	7.3
2021-10-12	CVE-2021-33728	Deserialization of Untrusted Data vulnerability in Siemens Sinec NMS 1.0 A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). network low complexity siemens CWE-502	7.2
2021-10-11	CVE-2021-25738	Deserialization of Untrusted Data vulnerability in Kubernetes Java Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution. local low complexity kubernetes CWE-502	6.7
2021-10-07	CVE-2021-42090	Deserialization of Untrusted Data vulnerability in Zammad An issue was discovered in Zammad before 4.1.1. network low complexity zammad CWE-502 critical	9.8
2021-10-06	CVE-2021-0685	Deserialization of Untrusted Data vulnerability in Google Android 11.0 In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. local low complexity google CWE-502	7.8
2021-10-01	CVE-2021-41110	Deserialization of Untrusted Data vulnerability in Commonwl Cwlviewer cwlviewer is a web application to view and share Common Workflow Language workflows. network low complexity commonwl CWE-502 critical	9.8
2021-09-30	CVE-2021-41616	Deserialization of Untrusted Data vulnerability in Apache Ddlutils 1.0 Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. network low complexity apache CWE-502 critical	9.8
2021-09-24	CVE-2021-40102	Deserialization of Untrusted Data vulnerability in Concretecms Concrete CMS An issue was discovered in Concrete CMS through 8.5.5. network low complexity concretecms CWE-502 critical	9.1
2021-09-24	CVE-2021-41588	Deserialization of Untrusted Data vulnerability in Gradle In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. network high complexity gradle CWE-502	8.1
2021-09-22	CVE-2021-31819	Deserialization of Untrusted Data vulnerability in Octopus Halibut In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification. network low complexity octopus CWE-502 critical	9.8