Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2023-06-15 CVE-2023-21124 Deserialization of Untrusted Data vulnerability in Google Android
In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization.
local
low complexity
google CWE-502
7.8
2023-06-12 CVE-2023-34212 Deserialization of Untrusted Data vulnerability in Apache Nifi
The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location. The resolution validates the JNDI URL and restricts locations to a set of allowed schemes. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
network
low complexity
apache CWE-502
6.5
2023-06-09 CVE-2023-30262 Deserialization of Untrusted Data vulnerability in Mimsoftware products
An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service.
low complexity
mimsoftware CWE-502
8.8
2023-06-07 CVE-2023-33496 Deserialization of Untrusted Data vulnerability in Xxl-Rpc Project Xxl-Rpc
xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecode#decode.
network
low complexity
xxl-rpc-project CWE-502
critical
9.8
2023-06-07 CVE-2023-33284 Deserialization of Untrusted Data vulnerability in Marvalglobal MSM 15.0
Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution vulnerability.
network
low complexity
marvalglobal CWE-502
8.8
2023-06-07 CVE-2023-20888 Deserialization of Untrusted Data vulnerability in VMWare Vrealize Network Insight
Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.
network
low complexity
vmware CWE-502
8.8
2023-06-07 CVE-2020-36718 Deserialization of Untrusted Data vulnerability in Ninjateam Gpdr Ccpa Compliance Support
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value.
network
low complexity
ninjateam CWE-502
critical
9.8
2023-06-07 CVE-2020-36726 Deserialization of Untrusted Data vulnerability in Etoilewebdesign Ultimate Reviews
The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions.
network
low complexity
etoilewebdesign CWE-502
critical
9.8
2023-06-07 CVE-2020-36727 Deserialization of Untrusted Data vulnerability in Xyzscripts Newsletter Manager
The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1.
network
low complexity
xyzscripts CWE-502
critical
9.8
2023-06-01 CVE-2023-33963 Deserialization of Untrusted Data vulnerability in Dataease
DataEase is an open source data visualization and analysis tool.
network
low complexity
dataease CWE-502
critical
9.8