Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2022-11-09 CVE-2022-44558 Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos
The AMS module has a vulnerability of serialization/deserialization mismatch.
network
low complexity
huawei CWE-502
critical
9.8
2022-11-09 CVE-2022-44559 Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos
The AMS module has a vulnerability of serialization/deserialization mismatch.
network
low complexity
huawei CWE-502
critical
9.8
2022-11-08 CVE-2022-32601 Deserialization of Untrusted Data vulnerability in Google Android 10.0/11.0/12.0
In telephony, there is a possible permission bypass due to a parcel format mismatch.
local
low complexity
google CWE-502
7.8
2022-11-08 CVE-2022-31199 Deserialization of Untrusted Data vulnerability in Netwrix Auditor 9.7/9.8
Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems.
network
low complexity
netwrix CWE-502
critical
9.8
2022-11-04 CVE-2022-43567 Deserialization of Untrusted Data vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.
network
low complexity
splunk CWE-502
8.8
2022-11-01 CVE-2022-44542 Deserialization of Untrusted Data vulnerability in Lesspipe Project Lesspipe
lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash.
network
low complexity
lesspipe-project CWE-502
critical
9.8
2022-10-31 CVE-2022-3360 Deserialization of Untrusted Data vulnerability in Thimpress Learnpress
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leading to remote code execution (RCE).
network
high complexity
thimpress CWE-502
8.1
2022-10-31 CVE-2022-3380 Deserialization of Untrusted Data vulnerability in Wpbeaverbuilder Customizer Export/Import
The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
network
low complexity
wpbeaverbuilder CWE-502
7.2
2022-10-26 CVE-2022-39944 Deserialization of Untrusted Data vulnerability in Apache Linkis
In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters.
network
low complexity
apache CWE-502
8.8
2022-10-26 CVE-2022-40238 Deserialization of Untrusted Data vulnerability in Cert Vince
A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5.
network
low complexity
cert CWE-502
8.8