Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-02-11 | CVE-2021-46364 | Deserialization of Untrusted Data vulnerability in Magnolia-Cms Magnolia CMS | A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file. | 7.8 |
2022-02-11 | CVE-2022-24289 | Deserialization of Untrusted Data vulnerability in Apache Cayenne | Hessian serialization is a network protocol that supports object-based transmission. | 8.8 |
2022-02-09 | CVE-2022-0538 | Deserialization of Untrusted Data vulnerability in Jenkins | Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage. | 7.5 |
2022-01-31 | CVE-2021-42631 | Deserialization of Untrusted Data vulnerability in Printerlogic Virtual Appliance and web Stack | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth remote code execution. | 8.1 |
2022-01-28 | CVE-2021-45899 | Deserialization of Untrusted Data vulnerability in Salesagility Suitecrm | SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution. | 9.8 |
2022-01-26 | CVE-2021-41766 | Deserialization of Untrusted Data vulnerability in Apache Karaf | Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). | 8.1 |
2022-01-18 | CVE-2022-23302 | Deserialization of Untrusted Data vulnerability in multiple products | JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. | 8.8 |
2022-01-18 | CVE-2022-23307 | Deserialization of Untrusted Data vulnerability in multiple products | CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. | 8.8 |
2022-01-18 | CVE-2021-45394 | Deserialization of Untrusted Data vulnerability in Html2Pdf Project Html2Pdf | An issue was discovered in Spipu HTML2PDF before 5.2.4. | 8.8 |
2022-01-10 | CVE-2021-43297 | Deserialization of Untrusted Data vulnerability in Apache Dubbo | A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. | 9.8 |