Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-19 | CVE-2023-28754 | Deserialization of Untrusted Data vulnerability in Apache Shardingsphere Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machine, and the target machine can access the URL with the arbitrary code JAR. An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. | 8.8 |
2023-07-13 | CVE-2023-25770 | Deserialization of Untrusted Data vulnerability in Honeywell C300 Firmware Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. | 7.5 |
2023-07-01 | CVE-2023-28323 | Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. | 9.8 |
2023-06-29 | CVE-2023-31222 | Deserialization of Untrusted Data vulnerability in Medtronic Paceart Optima 1.11 Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity. | 8.8 |
2023-06-28 | CVE-2023-21205 | Deserialization of Untrusted Data vulnerability in Google Android 13.0 In startWpsPinDisplayInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. | 5.5 |
2023-06-28 | CVE-2023-21206 | Deserialization of Untrusted Data vulnerability in Google Android 13.0 In initiateVenueUrlAnqpQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. | 4.4 |
2023-06-28 | CVE-2023-21209 | Deserialization of Untrusted Data vulnerability in Google Android 13.0 In multiple functions of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. | 6.7 |
2023-06-23 | CVE-2023-33299 | Deserialization of Untrusted Data vulnerability in Fortinet Fortinac A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. | 9.8 |
2023-06-20 | CVE-2023-26436 | Deserialization of Untrusted Data vulnerability in Open-Xchange Appsuite Backend Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. | 8.8 |
2023-06-19 | CVE-2023-35839 | Deserialization of Untrusted Data vulnerability in Solon A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload. | 9.8 |