Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2022-11-20 CVE-2022-3525 Deserialization of Untrusted Data vulnerability in Librenms
Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0.
network
low complexity
librenms CWE-502
8.8
8.8
2022-11-17 CVE-2022-45077 Deserialization of Untrusted Data vulnerability in Muffingroup Betheme
Auth.
network
low complexity
muffingroup CWE-502
8.8
8.8
2022-11-16 CVE-2022-45047 Deserialization of Untrusted Data vulnerability in Apache Sshd
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey.
network
low complexity
apache CWE-502
critical
 9.8
9.8
2022-11-12 CVE-2022-38650 Deserialization of Untrusted Data vulnerability in VMWare Hyperic Server 5.8.6
A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6.
network
low complexity
vmware CWE-502
critical
 10.0
10
2022-11-12 CVE-2022-38652 Deserialization of Untrusted Data vulnerability in VMWare Hyperic Agent 5.8.6
A remote insecure deserialization vulnerability exixsts in VMWare Hyperic Agent 5.8.6.
network
low complexity
vmware CWE-502
critical
 9.9
9.9
2022-11-09 CVE-2022-44558 Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos
The AMS module has a vulnerability of serialization/deserialization mismatch.
network
low complexity
huawei CWE-502
critical
 9.8
9.8
2022-11-09 CVE-2022-44559 Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos
The AMS module has a vulnerability of serialization/deserialization mismatch.
network
low complexity
huawei CWE-502
critical
 9.8
9.8
2022-11-08 CVE-2022-32601 Deserialization of Untrusted Data vulnerability in Google Android 10.0/11.0/12.0
In telephony, there is a possible permission bypass due to a parcel format mismatch.
local
low complexity
google CWE-502
7.8
7.8
2022-11-08 CVE-2022-31199 Deserialization of Untrusted Data vulnerability in Netwrix Auditor 9.7/9.8
Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems.
network
low complexity
netwrix CWE-502
critical
 9.8
9.8
2022-11-04 CVE-2022-43567 Deserialization of Untrusted Data vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.
network
low complexity
splunk CWE-502
8.8
8.8