Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-05 | CVE-2022-2830 | Deserialization of Untrusted Data vulnerability in Bitdefender Gravityzone Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. | 9.8 |
| 2022-09-02 | CVE-2022-29063 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. | 9.8 |
| 2022-08-31 | CVE-2022-37021 | Deserialization of Untrusted Data vulnerability in Apache Geode Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. | 9.8 |
| 2022-08-31 | CVE-2022-37022 | Deserialization of Untrusted Data vulnerability in Apache Geode Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. | 8.8 |
| 2022-08-31 | CVE-2022-37023 | Deserialization of Untrusted Data vulnerability in Apache Geode Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. | 6.5 |
| 2022-08-29 | CVE-2022-34668 | Deserialization of Untrusted Data vulnerability in Nvidia Nvflare NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. | 9.8 |
| 2022-08-25 | CVE-2022-36119 | Deserialization of Untrusted Data vulnerability in Ssctech Blue Prism An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. | 8.8 |
| 2022-08-25 | CVE-2022-2465 | Deserialization of Untrusted Data vulnerability in Rockwellautomation Isagraf Workbench 6.0/6.6.9 Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. | 7.8 |
| 2022-08-25 | CVE-2021-25642 | Deserialization of Untrusted Data vulnerability in Apache Hadoop ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. | 8.8 |
| 2022-08-24 | CVE-2021-4125 | Deserialization of Untrusted Data vulnerability in Redhat Openshift It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. | 8.1 |