Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-29 | CVE-2022-1032 | Deserialization of Untrusted Data vulnerability in Craterapp Crater Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6. | 7.2 |
| 2022-03-23 | CVE-2021-27460 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. | 9.8 |
| 2022-03-23 | CVE-2021-27462 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. | 9.8 |
| 2022-03-23 | CVE-2021-27466 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. | 9.8 |
| 2022-03-23 | CVE-2021-27470 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. | 9.8 |
| 2022-03-23 | CVE-2021-27475 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Connected Components Workbench 12.00.00 Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. | 8.6 |
| 2022-03-17 | CVE-2022-26503 | Deserialization of Untrusted Data vulnerability in Veeam Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges. | 7.8 |
| 2022-03-17 | CVE-2022-0749 | Deserialization of Untrusted Data vulnerability in Singoo Singoocms.Utility This affects all versions of package SinGooCMS.Utility. | 9.8 |
| 2022-03-10 | CVE-2022-23940 | Deserialization of Untrusted Data vulnerability in Salesagility Suitecrm SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. | 8.8 |
| 2022-02-18 | CVE-2022-0138 | Deserialization of Untrusted Data vulnerability in Airspan products MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created. | 7.5 |