Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2021-01-28 CVE-2021-3160 Deserialization of Untrusted Data vulnerability in ACA Assuweb 359.3
Deserialization of untrusted data in the login page of the ASSUWEB 359.3 build 1 subcomponent of the ACA ASSUREX RENTES product allows a remote attacker to inject an insecure serialized Java object using a specially crafted HTTP request, resulting in unauthenticated remote code execution on the server.
network
low complexity
aca CWE-502
critical
9.8
2021-01-28 CVE-2020-4888 Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function.
network
low complexity
ibm CWE-502
8.8
2021-01-28 CVE-2020-4682 Deserialization of Untrusted Data vulnerability in IBM MQ, MQ Appliance and Websphere MQ
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data.
network
low complexity
ibm CWE-502
critical
9.8
2021-01-26 CVE-2020-27583 Deserialization of Untrusted Data vulnerability in IBM Infosphere Information Server 8.5
IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code.
network
low complexity
ibm CWE-502
critical
9.8
2021-01-25 CVE-2020-17532 Deserialization of Untrusted Data vulnerability in Apache Java Chassis
When the handler-router component is enabled in servicecomb-java-chassis, an authenticated user may inject some data and cause arbitrary code execution.
network
low complexity
apache CWE-502
8.8
2021-01-22 CVE-2020-12525 Deserialization of Untrusted Data vulnerability in multiple products
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
7.8
2021-01-18 CVE-2021-25294 Deserialization of Untrusted Data vulnerability in Opencats
OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution.
network
low complexity
opencats CWE-502
critical
9.8
2021-01-15 CVE-2021-21249 Deserialization of Untrusted Data vulnerability in Onedev Project Onedev
OneDev is an all-in-one devops platform.
network
low complexity
onedev-project CWE-502
8.8
2021-01-15 CVE-2021-21247 Deserialization of Untrusted Data vulnerability in Onedev Project Onedev
OneDev is an all-in-one devops platform.
network
low complexity
onedev-project CWE-502
8.8
2021-01-15 CVE-2021-21242 Deserialization of Untrusted Data vulnerability in Onedev Project Onedev
OneDev is an all-in-one devops platform.
network
low complexity
onedev-project CWE-502
critical
9.8