Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-04-19 | CVE-2021-28254 | Deserialization of Untrusted Data vulnerability in Laravel 8.5.9 | A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands. | 9.8 |
2023-04-11 | CVE-2023-1552 | Deserialization of Untrusted Data vulnerability in GE Toolboxst 04.07.05C/07.09.07C | ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. | 7.8 |
2023-04-06 | CVE-2023-28500 | Deserialization of Untrusted Data vulnerability in Adobe Livecycle ES4 | A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. | 9.8 |
2023-04-05 | CVE-2023-20102 | Deserialization of Untrusted Data vulnerability in Cisco products | A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system. | 8.8 |
2023-04-04 | CVE-2020-29312 | Deserialization of Untrusted Data vulnerability in Zend Framework | An issue found in Zend Framework v.3.1.3 and before allows a remote attacker to execute arbitrary code via the unserialize function. | 9.8 |
2023-03-29 | CVE-2022-36971 | Deserialization of Untrusted Data vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. | 8.8 |
2023-03-27 | CVE-2023-26547 | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos | The InputMethod module has a vulnerability of serialization/deserialization mismatch. | 7.8 |
2023-03-27 | CVE-2023-26548 | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos | The pgmng module has a vulnerability in serialization/deserialization. | 7.5 |
2023-03-27 | CVE-2023-1399 | Deserialization of Untrusted Data vulnerability in Keysight N6854A Firmware 2.3.0/2.4.0/2.4.2 | N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution. | 9.8 |
2023-03-27 | CVE-2023-1133 | Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/UDP by default. | 9.8 |