Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-31 | CVE-2023-24971 | Deserialization of Untrusted Data vulnerability in IBM products IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. | 6.5 |
| 2023-07-19 | CVE-2023-28754 | Deserialization of Untrusted Data vulnerability in Apache Shardingsphere Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machine, and the target machine can access the URL with the arbitrary code JAR. An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. | 8.8 |
| 2023-07-13 | CVE-2023-25770 | Deserialization of Untrusted Data vulnerability in Honeywell C300 Firmware Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. | 7.5 |
| 2023-07-12 | CVE-2023-29300 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2018/2021/2023 Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. | 9.8 |
| 2023-07-01 | CVE-2023-28323 | Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. | 9.8 |
| 2023-06-29 | CVE-2023-31222 | Deserialization of Untrusted Data vulnerability in Medtronic Paceart Optima 1.11 Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity. | 8.8 |
| 2023-06-28 | CVE-2023-21205 | Deserialization of Untrusted Data vulnerability in Google Android 13.0 In startWpsPinDisplayInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. | 5.5 |
| 2023-06-28 | CVE-2023-21206 | Deserialization of Untrusted Data vulnerability in Google Android 13.0 In initiateVenueUrlAnqpQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. | 4.4 |
| 2023-06-28 | CVE-2023-21209 | Deserialization of Untrusted Data vulnerability in Google Android 13.0 In multiple functions of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. | 6.7 |
| 2023-06-23 | CVE-2023-33299 | Deserialization of Untrusted Data vulnerability in Fortinet Fortinac A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. | 9.8 |