Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-29 | CVE-2022-36978 | Deserialization of Untrusted Data vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. | 9.8 |
| 2023-03-27 | CVE-2023-26547 | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos The InputMethod module has a vulnerability of serialization/deserialization mismatch. | 7.8 |
| 2023-03-27 | CVE-2023-26548 | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos The pgmng module has a vulnerability in serialization/deserialization. | 7.5 |
| 2023-03-27 | CVE-2023-1399 | Deserialization of Untrusted Data vulnerability in Keysight N6854A Firmware 2.3.0/2.4.0/2.4.2 N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution. | 9.8 |
| 2023-03-27 | CVE-2023-1133 | Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. | 9.8 |
| 2023-03-27 | CVE-2023-1139 | Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. | 8.8 |
| 2023-03-27 | CVE-2023-1145 | Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. | 7.8 |
| 2023-03-27 | CVE-2023-27296 | Deserialization of Untrusted Data vulnerability in Apache Inlong Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. It could be triggered by authenticated users of InLong, you could refer to [1] to know more about this vulnerability. This issue affects Apache InLong: from 1.1.0 through 1.5.0. | 8.8 |
| 2023-03-23 | CVE-2023-26359 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. | 9.8 |
| 2023-03-22 | CVE-2023-28667 | Deserialization of Untrusted Data vulnerability in Leadgenerated Lead Generated The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure deserialization issue. | 9.8 |