Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-18 | CVE-2021-41419 | Deserialization of Untrusted Data vulnerability in Qvis DVR Firmware and NVR Firmware. QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization. | 9.8 |
2022-07-17 | CVE-2022-30981 | Deserialization of Untrusted Data vulnerability in Gentics CMS 5.43.0. An issue was discovered in Gentics CMS before 5.43.1. | 8.8 |
2022-07-12 | CVE-2021-36665 | Deserialization of Untrusted Data vulnerability in Druva Insync Client. An issue was discovered in Druva 6.9.0 for macOS that allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon. | 7.8 |
2022-06-29 | CVE-2022-33107 | Deserialization of Untrusted Data vulnerability in Thinkphp 6.0.12. ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. | 9.8 |
2022-06-15 | CVE-2022-20195 | Deserialization of Untrusted Data vulnerability in Google Android 12.1. In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. | 5.0 |
2022-06-14 | CVE-2021-35095 | Deserialization of Untrusted Data vulnerability in Qualcomm products. Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile | 7.0 |
2022-06-10 | CVE-2022-25845 | Deserialization of Untrusted Data vulnerability in multiple products. The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. | 9.8 |
2022-06-10 | CVE-2022-25863 | Deserialization of Untrusted Data vulnerability in Gatsbyjs Gatsby 3.0.0. The package gatsby-plugin-mdx before 2.14.1, and from 3.0.0 and before 3.15.2, is vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. | 9.8 |
2022-06-01 | CVE-2022-29875 | Deserialization of Untrusted Data vulnerability in Siemens products. A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). | 9.8 |
2022-05-19 | CVE-2022-28948 | Deserialization of Untrusted Data vulnerability in multiple products. An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input. | 7.5 |