Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2022-05-02 CVE-2020-23621 Deserialization of Untrusted Data vulnerability in Squire-Technologies SVI MS Management System
The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object.
network
low complexity
squire-technologies CWE-502
critical
9.8
2022-05-01 CVE-2022-25647 Deserialization of Untrusted Data vulnerability in multiple products
The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
network
low complexity
google debian netapp oracle CWE-502
7.5
2022-05-01 CVE-2022-25767 Deserialization of Untrusted Data vulnerability in Ureport2 Project Ureport2
All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets.
network
low complexity
ureport2-project CWE-502
critical
9.8
2022-04-29 CVE-2022-29936 Deserialization of Untrusted Data vulnerability in USU Oracle Optimization 5.16.2
USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization.
network
low complexity
usu CWE-502
8.8
2022-04-20 CVE-2022-29528 Deserialization of Untrusted Data vulnerability in Misp
An issue was discovered in MISP before 2.4.158.
network
low complexity
misp CWE-502
critical
9.8
2022-04-20 CVE-2022-26133 Deserialization of Untrusted Data vulnerability in Atlassian Bitbucket Data Center 7.20.0
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allows a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.
network
low complexity
atlassian CWE-502
critical
9.8
2022-04-15 CVE-2022-27158 Deserialization of Untrusted Data vulnerability in PHP Pearweb
pearweb < 1.32 suffers from Deserialization of Untrusted Data.
network
low complexity
php CWE-502
critical
9.8
2022-04-14 CVE-2022-24846 Deserialization of Untrusted Data vulnerability in Geoserver Geowebcache
GeoWebCache is a tile caching server implemented in Java.
network
low complexity
geoserver CWE-502
7.2
2022-04-14 CVE-2021-21956 Deserialization of Untrusted Data vulnerability in Cloudlinux Imunify360 5.10.2/5.8/5.9
A PHP unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2.
local
low complexity
cloudlinux CWE-502
7.8
2022-04-13 CVE-2022-22957 Deserialization of Untrusted Data vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958).
network
low complexity
vmware CWE-502
7.2