Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-09-27 | CVE-2023-5183 | Deserialization of Untrusted Data vulnerability in Illumio Core Policy Compute Engine | Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. | 8.8 |
2023-09-27 | CVE-2023-40044 | Deserialization of Untrusted Data vulnerability in Progress WS FTP Server | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. | 8.8 |
2023-09-20 | CVE-2023-40619 | Deserialization of Untrusted Data vulnerability in PHPpgadmin Project PHPpgadmin | phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. | 9.8 |
2023-09-14 | CVE-2023-32636 | Deserialization of Untrusted Data vulnerability in Gnome Glib | A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. | 7.5 |
2023-09-14 | CVE-2023-32665 | Deserialization of Untrusted Data vulnerability in Gnome Glib | A flaw was found in GLib. | 5.5 |
2023-09-11 | CVE-2022-1415 | Deserialization of Untrusted Data vulnerability in Redhat products | A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. | 8.8 |
2023-09-11 | CVE-2023-35669 | Deserialization of Untrusted Data vulnerability in Google Android | In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. | 7.8 |
2023-09-11 | CVE-2020-19559 | Deserialization of Untrusted Data vulnerability in Dieboldnixdorf Agilis XFS for Opteva 4.1.61.1 | An issue in Diebold Agilis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter. | 9.8 |
2023-09-07 | CVE-2023-4528 | Deserialization of Untrusted Data vulnerability in Redwood Jscape MFT | Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface. | 7.2 |
2023-09-06 | CVE-2023-0925 | Deserialization of Untrusted Data vulnerability in Softwareag Webmethods 10.11 | Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port). Port 2099 serves as a Java Remote Method Invocation (RMI) registry which allows for remotely loading and processing data via RMI interfaces. | 9.8 |