Vulnerabilities > Deserialization of Untrusted Data

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-09-27 | CVE-2023-5183 | Deserialization of Untrusted Data vulnerability in Illumio Core Policy Compute Engine | Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. | network | low | illumio | CWE-502 | 8.8 |
| 2023-09-27 | CVE-2023-40044 | Deserialization of Untrusted Data vulnerability in Progress WS FTP Server | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. | network | low | progress | CWE-502 | 8.8 |
| 2023-09-20 | CVE-2023-40619 | Deserialization of Untrusted Data vulnerability in PHPpgadmin Project PHPpgadmin | phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. | network | low | phppgadmin-project | CWE-502 | critical 9.8 |
| 2023-09-14 | CVE-2023-32636 | Deserialization of Untrusted Data vulnerability in Gnome Glib | A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. | network | low | gnome | CWE-502 | 7.5 |
| 2023-09-14 | CVE-2023-32665 | Deserialization of Untrusted Data vulnerability in Gnome Glib | A flaw was found in GLib. | local | low | gnome | CWE-502 | 5.5 |
| 2023-09-11 | CVE-2022-1415 | Deserialization of Untrusted Data vulnerability in Redhat products | A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. | network | low | redhat | CWE-502 | 8.8 |
| 2023-09-11 | CVE-2023-35669 | Deserialization of Untrusted Data vulnerability in Google Android | In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. | local | low | google | CWE-502 | 7.8 |
| 2023-09-11 | CVE-2020-19559 | Deserialization of Untrusted Data vulnerability in Dieboldnixdorf Agilis XFS for Opteva 4.1.61.1 | An issue in Diebold Agilis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter. | network | low | dieboldnixdorf | CWE-502 | critical 9.8 |
| 2023-09-07 | CVE-2023-4528 | Deserialization of Untrusted Data vulnerability in Redwood Jscape MFT | Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface. | network | low | redwood | CWE-502 | 7.2 |
| 2023-09-06 | CVE-2023-0925 | Deserialization of Untrusted Data vulnerability in Softwareag Webmethods 10.11 | Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port). Port 2099 serves as a Java Remote Method Invocation (RMI) registry which allows for remotely loading and processing data via RMI interfaces. | network | low | softwareag | CWE-502 | critical 9.8 |