Vulnerabilities > Deserialization of Untrusted Data

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor | CWE | Risk score |
|---|---|---|---|---|---|---|---|---|
| 2022-08-25 | CVE-2022-36119 | Deserialization of Untrusted Data vulnerability in Ssctech Blue Prism | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. | network | low complexity | ssctech | CWE-502 | 8.8 |
| 2022-08-24 | CVE-2021-4125 | Deserialization of Untrusted Data vulnerability in Redhat Openshift | It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. | network | high complexity | redhat | CWE-502 | 8.1 |
| 2022-08-24 | CVE-2021-4178 | Deserialization of Untrusted Data vulnerability in Redhat products | An arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. | local | low complexity | redhat | CWE-502 | 6.7 |
| 2022-08-22 | CVE-2022-33900 | Deserialization of Untrusted Data vulnerability in Sandhillsdev Easy Digital Downloads | PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. | network | low complexity | sandhillsdev | CWE-502 | 7.2 |
| 2022-08-19 | CVE-2022-29805 | Deserialization of Untrusted Data vulnerability in Fishbowlinventory Fishbowl | A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload. | network | low complexity | fishbowlinventory | CWE-502 | 9.8 (critical) |
| 2022-08-19 | CVE-2022-2886 | Deserialization of Untrusted Data vulnerability in Laravel | A vulnerability, which was classified as critical, was found in Laravel 5.1. | network | low complexity | laravel | CWE-502 | 8.8 |
| 2022-08-15 | CVE-2022-36006 | Deserialization of Untrusted Data vulnerability in Arvados | Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. | network | low complexity | arvados | CWE-502 | 8.8 |
| 2022-08-04 | CVE-2022-33947 | Deserialization of Untrusted Data vulnerability in F5 Big-Ip Domain Name System | In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, a vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface (TMUI) that allows an authenticated attacker with at least operator role privileges to cause the Tomcat process to restart and perform unauthorized DNS requests and operations through undisclosed requests. | network | low complexity | f5 | CWE-502 | 6.5 |
| 2022-07-25 | CVE-2022-35870 | Deserialization of Untrusted Data vulnerability in Inductiveautomation Ignition 8.1.15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). | local | low complexity | inductiveautomation | CWE-502 | 7.8 |
| 2022-07-20 | CVE-2022-33315 | Deserialization of Untrusted Data vulnerability in multiple products | Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute arbitrary malicious code by leading a user to load a monitoring screen file including malicious XAML code. | local | low complexity | iconics mitsubishielectric | CWE-502 | 7.8 |