Vulnerabilities > Deserialization of Untrusted Data

DATE | CVE | VULNERABILITY TITLE | RISK
2021-07-29 CVE-2021-37578 Deserialization of Untrusted Data vulnerability in Apache Juddi
Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI), which (as an extension to UDDI) provides an alternate transport for accessing UDDI services.
network | low complexity | apache | CWE-502 | critical | 9.8
2021-07-28 CVE-2020-5341 Deserialization of Untrusted Data vulnerability in Dell products
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability.
network | low complexity | dell | CWE-502 | critical | 9.8
2021-07-22 CVE-2021-35464 Deserialization of Untrusted Data vulnerability in Forgerock AM and Openam
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages.
network | low complexity | forgerock | CWE-502 | critical | 9.8
2021-07-21 CVE-2021-22777 Deserialization of Untrusted Data vulnerability in Schneider-Electric Sosafe Configurable
A CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause code execution when a malicious project file is opened.
local | low complexity | schneider-electric | CWE-502 | 7.8
2021-07-14 CVE-2021-34520 Deserialization of Untrusted Data vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server
Microsoft SharePoint Server Remote Code Execution Vulnerability
network | low complexity | microsoft | CWE-502 | 8.1
2021-07-09 CVE-2021-32742 Deserialization of Untrusted Data vulnerability in Vapor Project Vapor 4.29.4
Vapor is a web framework for Swift.
network | low complexity | vapor-project | CWE-502 | critical | 9.1
2021-07-08 CVE-2021-29150 Deserialization of Untrusted Data vulnerability in Arubanetworks Clearpass Policy Manager
A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager versions prior to 6.10.0, 6.9.6 and 6.8.9.
network | low complexity | arubanetworks | CWE-502 | 7.2
2021-07-06 CVE-2021-24384 Deserialization of Untrusted Data vulnerability in Beardev Joomsport
The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both authenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue.
network | low complexity | beardev | CWE-502 | critical | 9.8
2021-06-30 CVE-2021-35971 Deserialization of Untrusted Data vulnerability in Veeam Backup & Replication
Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting.
network | low complexity | veeam | CWE-502 | critical | 9.8
2021-06-29 CVE-2021-22439 Deserialization of Untrusted Data vulnerability in Huawei Anyoffice V200R006C10
There is a deserialization vulnerability in Huawei AnyOffice V200R006C10.
network | high complexity | huawei | CWE-502 | 8.1