Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-18 | CVE-2022-23302 | Deserialization of Untrusted Data vulnerability in multiple products JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. | 8.8 |
| 2022-01-18 | CVE-2022-23307 | Deserialization of Untrusted Data vulnerability in multiple products CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. | 8.8 |
| 2022-01-18 | CVE-2021-45394 | Deserialization of Untrusted Data vulnerability in Html2Pdf Project Html2Pdf An issue was discovered in Spipu HTML2PDF before 5.2.4. | 8.8 |
| 2022-01-10 | CVE-2021-43297 | Deserialization of Untrusted Data vulnerability in Apache Dubbo A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. | 9.8 |
| 2022-01-10 | CVE-2021-42392 | Deserialization of Untrusted Data vulnerability in multiple products The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. | 9.8 |
| 2022-01-06 | CVE-2022-21663 | Deserialization of Untrusted Data vulnerability in multiple products WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. | 7.2 |
| 2022-01-04 | CVE-2022-21647 | Deserialization of Untrusted Data vulnerability in Codeigniter CodeIgniter is an open source PHP full-stack web framework. | 9.8 |
| 2021-12-23 | CVE-2021-20318 | Deserialization of Untrusted Data vulnerability in Redhat Jboss Enterprise Application Platform 7.3.9/7.4.0 The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. | 7.2 |
| 2021-12-23 | CVE-2021-4118 | Deserialization of Untrusted Data vulnerability in Lightningai Pytorch Lightning pytorch-lightning is vulnerable to Deserialization of Untrusted Data | 7.8 |
| 2021-12-22 | CVE-2021-43853 | Deserialization of Untrusted Data vulnerability in Ajax.Net Professional Project Ajax.Net Professional Ajax.NET Professional (AjaxPro) is an AJAX framework available for Microsoft ASP.NET. | 5.4 |