Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-07 | CVE-2022-26472 | Deserialization of Untrusted Data vulnerability in Google Android 10.0/11.0/12.0 In ims, there is a possible escalation of privilege due to a parcel format mismatch. | 7.8 |
| 2022-10-02 | CVE-2022-42003 | Deserialization of Untrusted Data vulnerability in multiple products In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. | 7.5 |
| 2022-10-02 | CVE-2022-42004 | Deserialization of Untrusted Data vulnerability in multiple products In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. | 7.5 |
| 2022-09-23 | CVE-2022-36944 | Deserialization of Untrusted Data vulnerability in multiple products Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. | 9.8 |
| 2022-09-16 | CVE-2022-39008 | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos The NFC module has bundle serialization/deserialization vulnerabilities. | 9.1 |
| 2022-09-15 | CVE-2022-38352 | Deserialization of Untrusted Data vulnerability in Thinkphp 6.0.13 ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. | 9.8 |
| 2022-09-06 | CVE-2022-2433 | Deserialization of Untrusted Data vulnerability in Connekthq Ajax Load More The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including 5.5.3. | 8.8 |
| 2022-09-06 | CVE-2022-2434 | Deserialization of Untrusted Data vulnerability in Instawp String Locator The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. | 8.8 |
| 2022-09-06 | CVE-2022-2436 | Deserialization of Untrusted Data vulnerability in Wpdownloadmanager Wordpress Download Manager The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. | 8.8 |
| 2022-09-06 | CVE-2022-2438 | Deserialization of Untrusted Data vulnerability in Managewp Broken Link Checker The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including 1.11.16. | 7.2 |