Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2021-04-08 CVE-2021-1413 Deserialization of Untrusted Data vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device.
network
low complexity
cisco CWE-502
6.3
2021-03-29 CVE-2021-27240 Deserialization of Untrusted Data vulnerability in SolarWinds Patch Manager 2020.2.1
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1.
local
low complexity
solarwinds CWE-502
7.8
2021-03-23 CVE-2021-21349 Deserialization of Untrusted Data vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
8.6
2021-03-23 CVE-2021-21342 Deserialization of Untrusted Data vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle CWE-502
critical
9.1
2021-03-23 CVE-2021-21341 Deserialization of Untrusted Data vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
7.5
2021-03-22 CVE-2021-26295 Deserialization of Untrusted Data vulnerability in Apache OFBiz
Apache OFBiz has unsafe deserialization prior to 17.12.06.
network
low complexity
apache CWE-502
critical
9.8
2021-03-12 CVE-2020-36282 Deserialization of Untrusted Data vulnerability in RabbitMQ JMS Client
JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data.
network
low complexity
rabbitmq CWE-502
critical
9.8
2021-03-11 CVE-2020-29045 Deserialization of Untrusted Data vulnerability in Fivestarplugins Five Star Restaurant Menu
The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdm_cart cookie in load_cart_from_cookie in includes/class-cart-manager.php.
network
low complexity
fivestarplugins CWE-502
critical
9.8
2021-03-10 CVE-2021-21371 Deserialization of Untrusted Data vulnerability in Tenable Jira Cloud
Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state.
local
low complexity
tenable CWE-502
8.6
2021-03-09 CVE-2021-21488 Deserialization of Untrusted Data vulnerability in SAP NetWeaver Knowledge Management
Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allow a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization, which triggers the attacker’s code, therefore impacting Availability.
network
low complexity
sap CWE-502
6.5