Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-12 | CVE-2018-18447 | Deserialization of Untrusted Data vulnerability in Dotpdn Paint.Net dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2). | 9.8 |
| 2022-10-07 | CVE-2022-31680 | Deserialization of Untrusted Data vulnerability in VMWare Vcenter Server The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). | 9.1 |
| 2022-10-07 | CVE-2022-26471 | Deserialization of Untrusted Data vulnerability in Google Android 12.0 In telephony, there is a possible escalation of privilege due to a parcel format mismatch. | 7.8 |
| 2022-10-07 | CVE-2022-26472 | Deserialization of Untrusted Data vulnerability in Google Android 10.0/11.0/12.0 In ims, there is a possible escalation of privilege due to a parcel format mismatch. | 7.8 |
| 2022-10-03 | CVE-2022-41082 | Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 8.0 |
| 2022-10-02 | CVE-2022-42003 | Deserialization of Untrusted Data vulnerability in multiple products In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. | 7.5 |
| 2022-10-02 | CVE-2022-42004 | Deserialization of Untrusted Data vulnerability in multiple products In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. | 7.5 |
| 2022-09-23 | CVE-2022-36944 | Deserialization of Untrusted Data vulnerability in multiple products Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. | 9.8 |
| 2022-09-16 | CVE-2022-39008 | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos The NFC module has bundle serialization/deserialization vulnerabilities. | 9.1 |
| 2022-09-15 | CVE-2022-38352 | Deserialization of Untrusted Data vulnerability in Thinkphp 6.0.13 ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. | 9.8 |