Vulnerabilities > Deserialization of Untrusted Data

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-04-20 | CVE-2022-26133 | Deserialization of Untrusted Data vulnerability in Atlassian Bitbucket Data Center 7.20.0 | SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allows a remote, unauthenticated attacker to execute arbitrary code via Java deserialization. | network | low | atlassian | CWE-502 | critical, 9.8 |
| 2022-04-19 | CVE-2022-21445 | Deserialization of Untrusted Data vulnerability in Oracle Application Development Framework 12.2.1.3.0/12.2.1.4.0 | Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). | network | low | oracle | CWE-502 | critical, 9.8 |
| 2022-04-15 | CVE-2022-27158 | Deserialization of Untrusted Data vulnerability in PHP Pearweb | pearweb < 1.32 suffers from Deserialization of Untrusted Data. | network | low | php | CWE-502 | critical, 9.8 |
| 2022-04-14 | CVE-2022-24846 | Deserialization of Untrusted Data vulnerability in GeoServer GeoWebCache | GeoWebCache is a tile caching server implemented in Java. | network | low | geoserver | CWE-502 | 7.2 |
| 2022-04-14 | CVE-2021-21956 | Deserialization of Untrusted Data vulnerability in CloudLinux Imunify360 5.10.2/5.8/5.9 | A PHP unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. | local | low | cloudlinux | CWE-502 | 7.8 |
| 2022-04-13 | CVE-2022-22957 | Deserialization of Untrusted Data vulnerability in VMware products | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). | network | low | vmware | CWE-502 | 7.2 |
| 2022-04-13 | CVE-2022-22958 | Deserialization of Untrusted Data vulnerability in VMware products | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). | network | low | vmware | CWE-502 | 7.2 |
| 2022-04-13 | CVE-2019-6834 | Deserialization of Untrusted Data vulnerability in Schneider-Electric Software Update 2.1.1/2.3.0 | A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. | local | low | schneider-electric | CWE-502 | 7.8 |
| 2022-04-12 | CVE-2022-23450 | Deserialization of Untrusted Data vulnerability in Siemens products | A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). | network | low | siemens | CWE-502 | critical, 9.8 |
| 2022-04-06 | CVE-2022-20763 | Deserialization of Untrusted Data vulnerability in Cisco Webex Meetings Online Wbs42.2.11 | A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. | network | low | cisco | CWE-502 | 8.8 |