Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-10 | CVE-2023-29216 | Deserialization of Untrusted Data vulnerability in Apache Linkis In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2. | 9.8 |
| 2023-04-06 | CVE-2023-28500 | Deserialization of Untrusted Data vulnerability in Adobe Livecycle ES4 A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. | 9.8 |
| 2023-04-05 | CVE-2023-20102 | Deserialization of Untrusted Data vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system. | 8.8 |
| 2023-04-05 | CVE-2023-29006 | Deserialization of Untrusted Data vulnerability in Glpi-Project Order The Order GLPI plugin allows users to manage order management within GLPI. | 8.8 |
| 2023-04-04 | CVE-2020-29312 | Deserialization of Untrusted Data vulnerability in Zend Framework An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. | 9.8 |
| 2023-03-29 | CVE-2022-28685 | Deserialization of Untrusted Data vulnerability in Aveva Edge This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). | 7.8 |
| 2023-03-29 | CVE-2022-2561 | Deserialization of Untrusted Data vulnerability in Opclabs Quickopc 5.63 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OPC Labs QuickOPC 2022.1. | 7.8 |
| 2023-03-29 | CVE-2022-36971 | Deserialization of Untrusted Data vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. | 8.8 |
| 2023-03-29 | CVE-2022-36974 | Deserialization of Untrusted Data vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. | 9.8 |
| 2023-03-29 | CVE-2022-36977 | Deserialization of Untrusted Data vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. | 9.8 |