Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-05 | CVE-2023-46674 | Deserialization of Untrusted Data vulnerability in Elastic Elasticsearch An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. | 7.8 |
| 2023-12-04 | CVE-2023-48967 | Deserialization of Untrusted Data vulnerability in Noear Solon Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untrusted Data. | 9.8 |
| 2023-12-01 | CVE-2023-48886 | Deserialization of Untrusted Data vulnerability in Luxiaoxun Nettyrpc 1.2 A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request. | 9.8 |
| 2023-12-01 | CVE-2023-48887 | Deserialization of Untrusted Data vulnerability in Fengjiachun Jupiter 1.3.1 A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request. | 9.8 |
| 2023-11-30 | CVE-2023-47207 | Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 1.0.7 In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges. | 9.8 |
| 2023-11-29 | CVE-2023-48952 | Deserialization of Untrusted Data vulnerability in Openlinksw Virtuoso 7.2.11 An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | 7.5 |
| 2023-11-29 | CVE-2023-6378 | Deserialization of Untrusted Data vulnerability in QOS Logback A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. | 7.5 |
| 2023-11-20 | CVE-2023-46990 | Deserialization of Untrusted Data vulnerability in Publiccms 4.0.202302.E Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. | 9.8 |
| 2023-11-20 | CVE-2023-46302 | Deserialization of Untrusted Data vulnerability in Apache Submarine 0.7.0 Apache Software Foundation Apache Submarine has a bug when serializing against yaml. | 9.8 |
| 2023-11-17 | CVE-2023-44350 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. | 9.8 |