Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-06-24 | CVE-2021-31649 | Deserialization of Untrusted Data vulnerability in Jfinal | In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis; affected applications may be vulnerable to remote code execution. | 9.8 |
2021-06-22 | CVE-2021-34393 | Deserialization of Untrusted Data vulnerability in Nvidia Jetson Linux | Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. | 4.4 |
2021-06-22 | CVE-2021-34394 | Deserialization of Untrusted Data vulnerability in Nvidia Jetson Linux | Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. | 6.7 |
2021-06-21 | CVE-2021-35196 | Deserialization of Untrusted Data vulnerability in Theologeek Manuskript | Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() function in settings.py. | 7.8 |
2021-06-16 | CVE-2020-9493 | Deserialization of Untrusted Data vulnerability in multiple products | A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution. | 9.8 |
2021-06-10 | CVE-2021-3040 | Deserialization of Untrusted Data vulnerability in Paloaltonetworks Bridgecrew Checkov | An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. | 7.2 |
2021-06-06 | CVE-2021-33898 | Deserialization of Untrusted Data vulnerability in Invoiceninja Invoice Ninja | In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. | 8.1 |
2021-06-03 | CVE-2021-33806 | Deserialization of Untrusted Data vulnerability in Bdew Bdlib | The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization. | 9.8 |
2021-06-02 | CVE-2021-23894 | Deserialization of Untrusted Data vulnerability in Mcafee Database Security 4.6.6/4.8.0 | Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via a carefully constructed Java serialized object sent to the DBSec server. | 8.8 |
2021-06-02 | CVE-2021-23895 | Deserialization of Untrusted Data vulnerability in Mcafee Database Security 4.6.6/4.8.0 | Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via a carefully constructed Java serialized object sent to the DBSec server. | 8.0 |