Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2022-11-08 CVE-2022-32601 Deserialization of Untrusted Data vulnerability in Google Android 10.0/11.0/12.0
In telephony, there is a possible permission bypass due to a parcel format mismatch.
local
low complexity
google CWE-502
7.8
2022-11-08 CVE-2022-31199 Deserialization of Untrusted Data vulnerability in Netwrix Auditor 9.7/9.8
Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems.
network
low complexity
netwrix CWE-502
critical
9.8
2022-11-07 CVE-2022-3536 Deserialization of Untrusted Data vulnerability in Addify Role Based Pricing for Woocommerce
The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 lacks authorisation and proper CSRF checks and does not validate a path given via user input, allowing any authenticated user, such as a subscriber, to perform PHAR deserialization attacks when they can upload a file and a suitable gadget chain is present on the blog.
network
low complexity
addify CWE-502
8.8
2022-11-04 CVE-2022-43567 Deserialization of Untrusted Data vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.
network
low complexity
splunk CWE-502
8.8
2022-11-02 CVE-2022-39379 Deserialization of Untrusted Data vulnerability in multiple products
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on.
network
low complexity
fluentd fedoraproject CWE-502
critical
9.8
2022-11-01 CVE-2022-44542 Deserialization of Untrusted Data vulnerability in Lesspipe Project Lesspipe
lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash.
network
low complexity
lesspipe-project CWE-502
critical
9.8
2022-10-31 CVE-2022-38142 Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification.
network
low complexity
deltaww CWE-502
critical
9.8
2022-10-31 CVE-2022-41779 Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification.
network
low complexity
deltaww CWE-502
critical
9.8
2022-10-31 CVE-2022-3334 Deserialization of Untrusted Data vulnerability in Wp-Ecommerce Easy WP Smtp
The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to a PHP object injection issue when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
network
low complexity
wp-ecommerce CWE-502
7.2
2022-10-31 CVE-2022-3357 Deserialization of Untrusted Data vulnerability in Nextendweb Smart Slider 3
The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the site.
network
low complexity
nextendweb CWE-502
8.8