Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2022-10-12 CVE-2022-39297 Deserialization of Untrusted Data vulnerability in Melistechnology Meliscms
MelisCms provides a full CMS for Melis Platform, including templating system, drag'n'drop of plugins, SEO and many administration tools.
network
low complexity
melistechnology CWE-502
critical
 9.8
9.8
2022-10-12 CVE-2018-18446 Deserialization of Untrusted Data vulnerability in Dotpdn Paint.Net
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).
network
low complexity
dotpdn CWE-502
critical
 9.8
9.8
2022-10-12 CVE-2018-18447 Deserialization of Untrusted Data vulnerability in Dotpdn Paint.Net
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).
network
low complexity
dotpdn CWE-502
critical
 9.8
9.8
2022-10-07 CVE-2022-31680 Deserialization of Untrusted Data vulnerability in VMWare Vcenter Server
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller).
network
low complexity
vmware CWE-502
critical
 9.1
9.1
2022-10-07 CVE-2022-26471 Deserialization of Untrusted Data vulnerability in Google Android 12.0
In telephony, there is a possible escalation of privilege due to a parcel format mismatch.
local
low complexity
google CWE-502
7.8
7.8
2022-10-07 CVE-2022-26472 Deserialization of Untrusted Data vulnerability in Google Android 10.0/11.0/12.0
In ims, there is a possible escalation of privilege due to a parcel format mismatch.
local
low complexity
google CWE-502
7.8
7.8
2022-10-02 CVE-2022-42003 Deserialization of Untrusted Data vulnerability in multiple products
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
network
low complexity
fasterxml quarkus debian netapp CWE-502
7.5
7.5
2022-10-02 CVE-2022-42004 Deserialization of Untrusted Data vulnerability in multiple products
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays.
network
low complexity
fasterxml quarkus debian netapp CWE-502
7.5
7.5
2022-09-23 CVE-2022-36944 Deserialization of Untrusted Data vulnerability in multiple products
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file.
network
low complexity
scala-lang fedoraproject CWE-502
critical
 9.8
9.8
2022-09-16 CVE-2022-39008 Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos
The NFC module has bundle serialization/deserialization vulnerabilities.
network
low complexity
huawei CWE-502
critical
 9.1
9.1