Vulnerabilities > Deserialization of Untrusted Data

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2021-04-22 | CVE-2021-27277 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2020.2 | This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. | local | low | solarwinds | CWE-502 | | 7.8 |
| 2021-04-22 | CVE-2021-3287 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Opmanager | Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. | network | low | zohocorp | CWE-502 | critical | 9.8 |
| 2021-04-21 | CVE-2021-21426 | Deserialization of Untrusted Data vulnerability in Openmage Magento | Magento-lts is a long-term support alternative to Magento Community Edition (CE). | network | low | openmage | CWE-502 | critical | 9.8 |
| 2021-04-20 | CVE-2021-3035 | Deserialization of Untrusted Data vulnerability in Paloaltonetworks Bridgecrew Checkov | An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. | network | low | paloaltonetworks | CWE-502 | | 7.2 |
| 2021-04-15 | CVE-2021-27850 | Deserialization of Untrusted Data vulnerability in Apache Tapestry | A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. | network | low | apache | CWE-502 | critical | 9.8 |
| 2021-04-14 | CVE-2021-29654 | Deserialization of Untrusted Data vulnerability in Stackpath Ajaxsearchpro | AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code Execution. | network | low | stackpath | CWE-502 | | 7.2 |
| 2021-04-12 | CVE-2021-21524 | Deserialization of Untrusted Data vulnerability in Dell products | Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. | network | low | dell | CWE-502 | critical | 9.8 |
| 2021-04-12 | CVE-2021-24217 | Deserialization of Untrusted Data vulnerability in Facebook | The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user-supplied data, making it possible for PHP objects to be supplied, creating an Object Injection vulnerability. | network | high | facebook | CWE-502 | | 8.1 |
| 2021-04-08 | CVE-2021-1415 | Deserialization of Untrusted Data vulnerability in Cisco products | Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. | network | low | cisco | CWE-502 | | 6.3 |
| 2021-04-08 | CVE-2021-1414 | Deserialization of Untrusted Data vulnerability in Cisco products | Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. | network | low | cisco | CWE-502 | | 6.3 |