Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2023-03-27 CVE-2023-26547 Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos
The InputMethod module has a vulnerability of serialization/deserialization mismatch.
local
low complexity
huawei CWE-502
7.8
7.8
2023-03-27 CVE-2023-26548 Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos
The pgmng module has a vulnerability in serialization/deserialization.
network
low complexity
huawei CWE-502
7.5
7.5
2023-03-27 CVE-2023-1399 Deserialization of Untrusted Data vulnerability in Keysight N6854A Firmware 2.3.0/2.4.0/2.4.2
N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution.
network
low complexity
keysight CWE-502
critical
 9.8
9.8
2023-03-27 CVE-2023-1133 Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default.
network
low complexity
deltaww CWE-502
critical
 9.8
9.8
2023-03-27 CVE-2023-1139 Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
network
low complexity
deltaww CWE-502
8.8
8.8
2023-03-27 CVE-2023-1145 Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
local
low complexity
deltaww CWE-502
7.8
7.8
2023-03-23 CVE-2023-26359 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2018/2021
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user.
network
low complexity
adobe CWE-502
critical
 9.8
9.8
2023-03-22 CVE-2023-28667 Deserialization of Untrusted Data vulnerability in Leadgenerated Lead Generated
The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure deserialization issue.
network
low complexity
leadgenerated CWE-502
critical
 9.8
9.8
2023-03-03 CVE-2023-26779 Deserialization of Untrusted Data vulnerability in Yf-Exam Project Yf-Exam 1.8.0
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE).
network
low complexity
yf-exam-project CWE-502
critical
 9.8
9.8
2023-03-01 CVE-2022-37936 Deserialization of Untrusted Data vulnerability in HPE Serviceguard for Linux
Unauthenticated Java deserialization vulnerability in Serviceguard Manager
network
low complexity
hpe CWE-502
critical
 9.8
9.8