Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-12-20 | CVE-2023-49773 | Deserialization of Untrusted Data vulnerability in Bcorp Shortcodes Project Bcorp Shortcodes 0.23 | Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes. This issue affects BCorp Shortcodes: from n/a through 0.23. | 9.8 |
2023-12-05 | CVE-2023-46674 | Deserialization of Untrusted Data vulnerability in Elastic Elasticsearch | An issue was identified that allowed the unsafe deserialization of Java objects from Hadoop or Spark configuration properties that could have been modified by authenticated users. | 7.8 |
2023-12-04 | CVE-2023-48967 | Deserialization of Untrusted Data vulnerability in Noear Solon | Solon <= 2.6.0 and <= 2.5.12 is vulnerable to Deserialization of Untrusted Data. | 9.8 |
2023-12-01 | CVE-2023-48886 | Deserialization of Untrusted Data vulnerability in Luxiaoxun Nettyrpc 1.2 | A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request. | 9.8 |
2023-12-01 | CVE-2023-48887 | Deserialization of Untrusted Data vulnerability in Fengjiachun Jupiter 1.3.1 | A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request. | 9.8 |
2023-11-30 | CVE-2023-47207 | Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 1.0.7 | In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges. | 9.8 |
2023-11-29 | CVE-2023-48952 | Deserialization of Untrusted Data vulnerability in Openlinksw Virtuoso 7.2.11 | An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | 7.5 |
2023-11-29 | CVE-2023-6378 | Deserialization of Untrusted Data vulnerability in QOS Logback | A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. | 7.5 |
2023-11-20 | CVE-2023-46990 | Deserialization of Untrusted Data vulnerability in Publiccms 4.0.202302.E | Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. | 9.8 |
2023-11-08 | CVE-2023-39913 | Deserialization of Untrusted Data vulnerability in Apache Uimaj | Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK. This issue affects Apache UIMA Java SDK: before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. There are several locations in the code where serialized Java objects are deserialized without verifying the data. | 8.8 |