Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-06 | CVE-2023-37941 | Deserialization of Untrusted Data vulnerability in Apache Superset. If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. The Superset metadata db is an 'internal' component that is typically only accessible directly by the system administrator and the superset process itself. | 6.6 |
2023-09-05 | CVE-2023-30534 | Deserialization of Untrusted Data vulnerability in multiple products. Cacti is an open source operational monitoring and fault management framework. | 4.3 |
2023-09-04 | CVE-2023-28072 | Deserialization of Untrusted Data vulnerability in Dell Alienware Command Center. Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. | 7.8 |
2023-08-30 | CVE-2023-40595 | Deserialization of Untrusted Data vulnerability in Splunk and Splunk Cloud Platform. In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. | 8.8 |
2023-08-25 | CVE-2023-40571 | Deserialization of Untrusted Data vulnerability in Weblogic-Framework Project Weblogic-Framework 0.2.3. weblogic-framework is a tool for detecting weblogic vulnerabilities. | 9.8 |
2023-08-25 | CVE-2023-24621 | Deserialization of Untrusted Data vulnerability in Esotericsoftware Yamlbeans. An issue was discovered in Esoteric YamlBeans through 1.15. | 7.8 |
2023-08-24 | CVE-2023-34040 | Deserialization of Untrusted Data vulnerability in VMWare Spring for Apache Kafka. In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. | 7.8 |
2023-08-21 | CVE-2023-39106 | Deserialization of Untrusted Data vulnerability in Alibabacloud Nacos Spring Project. An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component. | 8.8 |
2023-08-14 | CVE-2023-3259 | Deserialization of Untrusted Data vulnerability in Dataprobe products. The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. | 9.8 |
2023-08-13 | CVE-2023-39396 | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos. Deserialization vulnerability in the input module. | 7.5 |