Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-12 | CVE-2018-18446 | Deserialization of Untrusted Data vulnerability in Dotpdn Paint.Net dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2). | 9.8 |
| 2022-10-12 | CVE-2018-18447 | Deserialization of Untrusted Data vulnerability in Dotpdn Paint.Net dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2). | 9.8 |
| 2022-10-07 | CVE-2022-31680 | Deserialization of Untrusted Data vulnerability in VMWare Vcenter Server The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). | 9.1 |
| 2022-10-07 | CVE-2022-26471 | Deserialization of Untrusted Data vulnerability in Google Android 12.0 In telephony, there is a possible escalation of privilege due to a parcel format mismatch. | 7.8 |
| 2022-10-07 | CVE-2022-26472 | Deserialization of Untrusted Data vulnerability in Google Android 10.0/11.0/12.0 In ims, there is a possible escalation of privilege due to a parcel format mismatch. | 7.8 |
| 2022-10-03 | CVE-2022-41082 | Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 8.0 |
| 2022-10-02 | CVE-2022-42003 | Deserialization of Untrusted Data vulnerability in multiple products In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. | 7.5 |
| 2022-10-02 | CVE-2022-42004 | Deserialization of Untrusted Data vulnerability in multiple products In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. | 7.5 |
| 2022-09-27 | CVE-2022-39256 | Deserialization of Untrusted Data vulnerability in Orckestra C1 CMS Orckestra C1 CMS is a .NET based Web Content Management System. | 8.0 |
| 2022-09-26 | CVE-2022-2903 | Deserialization of Untrusted Data vulnerability in Ninjaforms Ninja Forms The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | 7.2 |