Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-10 | CVE-2022-23940 | Deserialization of Untrusted Data vulnerability in Salesagility Suitecrm. SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. | 8.8 |
2022-03-08 | CVE-2022-24282 | Deserialization of Untrusted Data vulnerability in Siemens Sinec Network Management System 1.0.3. A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). | 7.2 |
2022-02-18 | CVE-2022-0138 | Deserialization of Untrusted Data vulnerability in Airspan products. MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created. | 7.5 |
2022-02-11 | CVE-2021-46364 | Deserialization of Untrusted Data vulnerability in Magnolia-Cms Magnolia CMS. A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file. | 7.8 |
2022-02-11 | CVE-2022-24289 | Deserialization of Untrusted Data vulnerability in Apache Cayenne. Hessian serialization is a network protocol that supports object-based transmission. | 8.8 |
2022-02-09 | CVE-2022-22005 | Deserialization of Untrusted Data vulnerability in Microsoft products. Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 |
2022-02-09 | CVE-2022-0538 | Deserialization of Untrusted Data vulnerability in Jenkins. Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage. | 7.5 |
2022-01-31 | CVE-2021-42631 | Deserialization of Untrusted Data vulnerability in Printerlogic Virtual Appliance and web Stack. PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker-controlled data, leading to pre-auth remote code execution. | 8.1 |
2022-01-28 | CVE-2021-45899 | Deserialization of Untrusted Data vulnerability in Salesagility Suitecrm. SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution. | 9.8 |
2022-01-26 | CVE-2021-41766 | Deserialization of Untrusted Data vulnerability in Apache Karaf. Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). | 8.1 |