Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-09 | CVE-2022-44558 | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos. The AMS module has a vulnerability of serialization/deserialization mismatch. | 9.8 |
2022-11-09 | CVE-2022-44559 | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos. The AMS module has a vulnerability of serialization/deserialization mismatch. | 9.8 |
2022-11-08 | CVE-2022-32601 | Deserialization of Untrusted Data vulnerability in Google Android 10.0/11.0/12.0. In telephony, there is a possible permission bypass due to a parcel format mismatch. | 7.8 |
2022-11-08 | CVE-2022-31199 | Deserialization of Untrusted Data vulnerability in Netwrix Auditor 9.7/9.8. Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. | 9.8 |
2022-11-04 | CVE-2022-43567 | Deserialization of Untrusted Data vulnerability in Splunk and Splunk Cloud Platform. In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app. | 8.8 |
2022-11-01 | CVE-2022-44542 | Deserialization of Untrusted Data vulnerability in Lesspipe Project Lesspipe. lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash. | 9.8 |
2022-10-31 | CVE-2022-3360 | Deserialization of Untrusted Data vulnerability in Thimpress Learnpress. The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leading to remote code execution (RCE). | 8.1 |
2022-10-31 | CVE-2022-3380 | Deserialization of Untrusted Data vulnerability in Wpbeaverbuilder Customizer Export/Import. The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | 7.2 |
2022-10-26 | CVE-2022-39944 | Deserialization of Untrusted Data vulnerability in Apache Linkis. In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. | 8.8 |
2022-10-26 | CVE-2022-40238 | Deserialization of Untrusted Data vulnerability in Cert Vince. A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. | 8.8 |