Vulnerabilities > Deserialization of Untrusted Data

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2023-06-14 | CVE-2023-3232 | Deserialization of Untrusted Data vulnerability in Crmeb | A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical. | network; low complexity; crmeb CWE-502; critical; 9.8 |
| 2023-06-12 | CVE-2023-34212 | Deserialization of Untrusted Data vulnerability in Apache Nifi | The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location. The resolution validates the JNDI URL and restricts locations to a set of allowed schemes. You are recommended to upgrade to version 1.22.0 or later which fixes this issue. | network; low complexity; apache CWE-502; 6.5 |
| 2023-06-09 | CVE-2023-30262 | Deserialization of Untrusted Data vulnerability in Mimsoftware products | An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service. | low complexity; mimsoftware CWE-502; 8.8 |
| 2023-06-07 | CVE-2023-33496 | Deserialization of Untrusted Data vulnerability in Xxl-Rpc Project Xxl-Rpc | xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecode#decode. | network; low complexity; xxl-rpc-project CWE-502; critical; 9.8 |
| 2023-06-07 | CVE-2023-33284 | Deserialization of Untrusted Data vulnerability in Marvalglobal MSM 15.0 | Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution vulnerability. | network; low complexity; marvalglobal CWE-502; 8.8 |
| 2023-06-07 | CVE-2023-20888 | Deserialization of Untrusted Data vulnerability in VMWare Vrealize Network Insight | Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution. | network; low complexity; vmware CWE-502; 8.8 |
| 2023-06-07 | CVE-2020-36718 | Deserialization of Untrusted Data vulnerability in Ninjateam Gpdr Ccpa Compliance Support | The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. | network; low complexity; ninjateam CWE-502; critical; 9.8 |
| 2023-06-07 | CVE-2020-36726 | Deserialization of Untrusted Data vulnerability in Etoilewebdesign Ultimate Reviews | The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. | network; low complexity; etoilewebdesign CWE-502; critical; 9.8 |
| 2023-06-07 | CVE-2020-36727 | Deserialization of Untrusted Data vulnerability in Xyzscripts Newsletter Manager | The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. | network; low complexity; xyzscripts CWE-502; critical; 9.8 |
| 2023-06-01 | CVE-2023-33963 | Deserialization of Untrusted Data vulnerability in Dataease | DataEase is an open source data visualization and analysis tool. | network; low complexity; dataease CWE-502; critical; 9.8 |