Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2023-10-04 CVE-2023-42809 Deserialization of Untrusted Data vulnerability in Redisson
Redisson is a Java Redis client that uses the Netty framework.
network
low complexity
redisson CWE-502
8.8
2023-10-04 CVE-2023-5391 Deserialization of Untrusted Data vulnerability in Schneider-Electric products
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application.
network
low complexity
schneider-electric CWE-502
critical
9.8
2023-10-03 CVE-2023-43176 Deserialization of Untrusted Data vulnerability in Afterlogic Aurora Files 9.7.3
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.
network
low complexity
afterlogic CWE-502
8.8
2023-10-02 CVE-2023-43268 Deserialization of Untrusted Data vulnerability in Deyue Remote Vehicle Management System Project Deyue Remote Vehicle Management System 1.1
Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability.
8.8
2023-09-29 CVE-2023-39410 Deserialization of Untrusted Data vulnerability in Apache Avro
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2.
network
low complexity
apache CWE-502
7.5
2023-09-28 CVE-2023-44273 Deserialization of Untrusted Data vulnerability in Consensys Gnark-Crypto
Consensys gnark-crypto through 0.11.2 allows Signature Malleability.
network
low complexity
consensys CWE-502
critical
9.8
2023-09-27 CVE-2023-43291 Deserialization of Untrusted Data vulnerability in Emlog
Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component.
network
low complexity
emlog CWE-502
critical
9.8
2023-09-27 CVE-2023-5183 Deserialization of Untrusted Data vulnerability in Illumio Core Policy Compute Engine
Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE.
network
low complexity
illumio CWE-502
8.8
2023-09-27 CVE-2023-40044 Deserialization of Untrusted Data vulnerability in Progress WS FTP Server
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.
network
low complexity
progress CWE-502
8.8
2023-09-20 CVE-2023-40619 Deserialization of Untrusted Data vulnerability in PHPpgadmin Project PHPpgadmin
phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places.
network
low complexity
phppgadmin-project CWE-502
critical
9.8