Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-08 | CVE-2022-32601 | Deserialization of Untrusted Data vulnerability in Google Android 10.0/11.0/12.0<br>In telephony, there is a possible permission bypass due to a parcel format mismatch. | 7.8 |
2022-11-08 | CVE-2022-31199 | Deserialization of Untrusted Data vulnerability in Netwrix Auditor 9.7/9.8<br>Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. | 9.8 |
2022-11-07 | CVE-2022-3536 | Deserialization of Untrusted Data vulnerability in Addify Role Based Pricing for Woocommerce<br>The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks and does not validate the path given via user input, allowing any authenticated user, such as a subscriber, to perform PHAR deserialization attacks when they can upload a file and a suitable gadget chain is present on the blog. | 8.8 |
2022-11-04 | CVE-2022-43567 | Deserialization of Untrusted Data vulnerability in Splunk and Splunk Cloud Platform<br>In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app. | 8.8 |
2022-11-02 | CVE-2022-39379 | Deserialization of Untrusted Data vulnerability in multiple products<br>Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. | 9.8 |
2022-11-01 | CVE-2022-44542 | Deserialization of Untrusted Data vulnerability in Lesspipe Project Lesspipe<br>lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash. | 9.8 |
2022-10-31 | CVE-2022-38142 | Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A<br>Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. | 9.8 |
2022-10-31 | CVE-2022-41779 | Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A<br>Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification. | 9.8 |
2022-10-31 | CVE-2022-3334 | Deserialization of Untrusted Data vulnerability in Wp-Ecommerce Easy WP Smtp<br>The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to a PHP object injection issue when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | 7.2 |
2022-10-31 | CVE-2022-3357 | Deserialization of Untrusted Data vulnerability in Nextendweb Smart Slider 3<br>The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the site. | 8.8 |