Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-04 | CVE-2023-38689 | Deserialization of Untrusted Data vulnerability in Rs485 Logisticspipes Logistics Pipes is a modification (a.k.a. | 9.8 |
2023-08-04 | CVE-2023-36480 | Deserialization of Untrusted Data vulnerability in Aerospike Java Client The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. | 9.8 |
2023-08-02 | CVE-2022-40609 | Deserialization of Untrusted Data vulnerability in IBM SDK IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. | 9.8 |
2023-07-31 | CVE-2021-31680 | Deserialization of Untrusted Data vulnerability in Ultralytics Yolov5 Deserialization of Untrusted Data vulnerability in yolo 5 allows attackers to execute arbitrary code via crafted yaml file. | 7.8 |
2023-07-31 | CVE-2021-31681 | Deserialization of Untrusted Data vulnerability in Ultralytics Yolov3 Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file. | 7.8 |
2023-07-31 | CVE-2023-24971 | Deserialization of Untrusted Data vulnerability in IBM products IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. | 6.5 |
2023-07-26 | CVE-2023-38647 | Deserialization of Untrusted Data vulnerability in Apache Helix 0.9.10/0.9.9/1.2.0 An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. | 9.8 |
2023-07-25 | CVE-2023-37895 | Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI. Versions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contains a class that can be used for remote code execution over RMI. Users are advised to immediately update to versions 2.20.11 or 2.21.18. | 9.8 |
2023-07-25 | CVE-2023-34434 | Deserialization of Untrusted Data vulnerability in Apache Inlong Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. | 7.5 |
2023-07-24 | CVE-2023-3324 | Deserialization of Untrusted Data vulnerability in ABB Zenon A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. | 7.5 |