• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-502

CVE-2021-34066

February 23, 2023 by

An issue was discovered in EdgeGallery/developer before v1.0. There is a “Deserialization of yaml file” vulnerability that can allow attackers to execute system command through uploading the malicious constructed YAML file.

CVE-2021-33898

February 23, 2023 by

In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. In certain contexts, this can result in remote code execution. The attacker’s input must be hosted at http://www.geoplugin.net (cleartext HTTP), and thus a successful attack requires spoofing that site or obtaining control of it.

CVE-2021-33790

February 23, 2023 by

The RebornCore library before 4.7.3 allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of reborncore.common.network.ExtendedPacketBuffer. An attacker can instantiate any class on the classpath with any data. A class usable for exploitation might or might not be present, depending on what Minecraft modifications are installed.

CVE-2021-33806

February 23, 2023 by

The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization.

CVE-2021-33728

February 23, 2023 by

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges.

CVE-2021-33420

February 23, 2023 by

A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 81
  • Go to page 82
  • Go to page 83
  • Go to page 84
  • Go to page 85
  • Interim pages omitted …
  • Go to page 129
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE