Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-25 | CVE-2020-17532 | Deserialization of Untrusted Data vulnerability in Apache Java Chassis. When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. | 8.8 |
2021-01-22 | CVE-2020-12525 | Deserialization of Untrusted Data vulnerability in multiple products. M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. | 7.8 |
2021-01-18 | CVE-2021-25294 | Deserialization of Untrusted Data vulnerability in Opencats. OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. | 9.8 |
2021-01-15 | CVE-2021-21249 | Deserialization of Untrusted Data vulnerability in Onedev Project Onedev. OneDev is an all-in-one devops platform. | 8.8 |
2021-01-15 | CVE-2021-21247 | Deserialization of Untrusted Data vulnerability in Onedev Project Onedev. OneDev is an all-in-one devops platform. | 8.8 |
2021-01-15 | CVE-2021-21242 | Deserialization of Untrusted Data vulnerability in Onedev Project Onedev. OneDev is an all-in-one devops platform. | 9.8 |
2021-01-15 | CVE-2021-21243 | Deserialization of Untrusted Data vulnerability in Onedev Project Onedev. OneDev is an all-in-one devops platform. | 9.8 |
2021-01-15 | CVE-2020-24639 | Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave Glass. There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. | 9.8 |
2021-01-13 | CVE-2020-23653 | Deserialization of Untrusted Data vulnerability in Thinkadmin 4.0/5.0/6.0. An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution. | 9.8 |
2021-01-13 | CVE-2021-21604 | Deserialization of Untrusted Data vulnerability in Jenkins. Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator. | 8.0 |