Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2022-06-15 CVE-2022-20195 Deserialization of Untrusted Data vulnerability in Google Android 12.1
In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization.
local
google CWE-502
1.9
2022-06-14 CVE-2022-29615 Deserialization of Untrusted Data vulnerability in SAP Netweaver Developer Studio 7.50
SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x.
local
low complexity
sap CWE-502
3.6
2022-06-10 CVE-2022-25845 Deserialization of Untrusted Data vulnerability in Alibaba Fastjson
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions.
network
alibaba CWE-502
6.8
2022-06-10 CVE-2022-25863 Deserialization of Untrusted Data vulnerability in Gatsbyjs Gatsby
The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization.
network
low complexity
gatsbyjs CWE-502
7.5
2022-06-07 CVE-2022-31279 Deserialization of Untrusted Data vulnerability in Laravel 9.1.8
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution (RCE) via an unserialized pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and __call in Faker\Generator.php.
network
low complexity
laravel CWE-502
7.5
2022-06-02 CVE-2022-1660 Deserialization of Untrusted Data vulnerability in Keysight N6841A RF Firmware and N6854A Firmware
The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code.
network
low complexity
keysight CWE-502
critical
10.0
2022-06-01 CVE-2022-29875 Deserialization of Untrusted Data vulnerability in Siemens products
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02).
network
siemens CWE-502
critical
9.3
2022-05-23 CVE-2021-32935 Deserialization of Untrusted Data vulnerability in Cognex In-Sight OPC Server
The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation.
network
low complexity
cognex CWE-502
critical
10.0
2022-05-19 CVE-2022-28948 Deserialization of Untrusted Data vulnerability in Yaml Project Yaml 3.0.0
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
network
low complexity
yaml-project CWE-502
5.0
2022-05-17 CVE-2022-1118 Deserialization of Untrusted Data vulnerability in Rockwellautomation products
Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized.
6.8