Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-24 | CVE-2024-53915 | Deserialization of Untrusted Data vulnerability in Veritas Enterprise Vault An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. | 9.8 |
| 2024-11-24 | CVE-2024-53913 | Deserialization of Untrusted Data vulnerability in Veritas Enterprise Vault An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. | 9.8 |
| 2024-11-22 | CVE-2024-11392 | Deserialization of Untrusted Data vulnerability in Huggingface Transformers Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. | 8.8 |
| 2024-11-22 | CVE-2024-11393 | Deserialization of Untrusted Data vulnerability in Huggingface Transformers Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. | 8.8 |
| 2024-11-22 | CVE-2024-11394 | Deserialization of Untrusted Data vulnerability in Huggingface Transformers Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. | 8.8 |
| 2024-11-20 | CVE-2018-9474 | Deserialization of Untrusted Data vulnerability in Google Android In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. | 7.8 |
| 2024-11-18 | CVE-2024-52433 | Deserialization of Untrusted Data vulnerability in Mindstien MY GEO Posts Free Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free allows Object Injection.This issue affects My Geo Posts Free: from n/a through 1.2. | 9.8 |
| 2024-11-14 | CVE-2024-10962 | The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data' functions. | 8.8 |
| 2024-11-13 | CVE-2024-43080 | Deserialization of Untrusted Data vulnerability in Google Android In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. | 7.8 |
| 2024-11-12 | CVE-2024-44102 | Deserialization of Untrusted Data vulnerability in Siemens Telecontrol Server Basic 3.1 A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 8 to 32 V3.1 (6NH9910-0AA31-0AB1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 1000 V3.1 (6NH9910-0AA31-0AD0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 256 V3.1 (6NH9910-0AA31-0AC0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 32 V3.1 (6NH9910-0AA31-0AF0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 5000 V3.1 (6NH9910-0AA31-0AE0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 64 V3.1 (6NH9910-0AA31-0AB0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 8 V3.1 (6NH9910-0AA31-0AA0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Serv Upgr (6NH9910-0AA31-0GA1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Upgr V3.1 (6NH9910-0AA31-0GA0) (All versions < V3.1.2.1 with redundancy configured). | 10.0 |