Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2023-12-20 CVE-2023-49773 Deserialization of Untrusted Data vulnerability in Bcorp Shortcodes Project Bcorp Shortcodes 0.23
Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes. This issue affects BCorp Shortcodes: from n/a through 0.23.
network
low complexity
bcorp-shortcodes-project CWE-502
critical
9.8
2023-12-05 CVE-2023-46674 Deserialization of Untrusted Data vulnerability in Elastic Elasticsearch
An issue was identified that allowed the unsafe deserialization of Java objects from Hadoop or Spark configuration properties that could have been modified by authenticated users.
local
low complexity
elastic CWE-502
7.8
2023-12-04 CVE-2023-48967 Deserialization of Untrusted Data vulnerability in Noear Solon
Solon <= 2.6.0 and <= 2.5.12 is vulnerable to Deserialization of Untrusted Data.
network
low complexity
noear CWE-502
critical
9.8
2023-12-01 CVE-2023-48886 Deserialization of Untrusted Data vulnerability in Luxiaoxun Nettyrpc 1.2
A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands by sending a crafted RPC request.
network
low complexity
luxiaoxun CWE-502
critical
9.8
2023-12-01 CVE-2023-48887 Deserialization of Untrusted Data vulnerability in Fengjiachun Jupiter 1.3.1
A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands by sending a crafted RPC request.
network
low complexity
fengjiachun CWE-502
critical
9.8
2023-11-30 CVE-2023-47207 Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 1.0.7
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges.
network
low complexity
deltaww CWE-502
critical
9.8
2023-11-29 CVE-2023-48952 Deserialization of Untrusted Data vulnerability in Openlinksw Virtuoso 7.2.11
An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
network
low complexity
openlinksw CWE-502
7.5
2023-11-29 CVE-2023-6378 Deserialization of Untrusted Data vulnerability in QOS Logback
A serialization vulnerability in the logback receiver component, part of logback version 1.4.11, allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.
network
low complexity
qos CWE-502
7.5
2023-11-20 CVE-2023-46990 Deserialization of Untrusted Data vulnerability in Publiccms 4.0.202302.E
Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function.
network
low complexity
publiccms CWE-502
critical
9.8
2023-11-08 CVE-2023-39913 Deserialization of Untrusted Data vulnerability in Apache Uimaj
Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK. This issue affects Apache UIMA Java SDK: before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. There are several locations in the code where serialized Java objects are deserialized without verifying the data.
network
low complexity
apache CWE-502
8.8