Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2023-12-05 CVE-2023-46674 Deserialization of Untrusted Data vulnerability in Elastic Elasticsearch
An issue was identified that allowed the unsafe deserialization of Java objects from Hadoop or Spark configuration properties that could have been modified by authenticated users.
local
low complexity
elastic CWE-502
7.8
2023-12-04 CVE-2023-48967 Deserialization of Untrusted Data vulnerability in Noear Solon
Solon <= 2.6.0 and <= 2.5.12 is vulnerable to Deserialization of Untrusted Data.
network
low complexity
noear CWE-502
critical
9.8
2023-12-01 CVE-2023-48886 Deserialization of Untrusted Data vulnerability in Luxiaoxun Nettyrpc 1.2
A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request.
network
low complexity
luxiaoxun CWE-502
critical
9.8
2023-12-01 CVE-2023-48887 Deserialization of Untrusted Data vulnerability in Fengjiachun Jupiter 1.3.1
A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request.
network
low complexity
fengjiachun CWE-502
critical
9.8
2023-11-30 CVE-2023-47207 Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 1.0.7
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges.
network
low complexity
deltaww CWE-502
critical
9.8
2023-11-29 CVE-2023-48952 Deserialization of Untrusted Data vulnerability in Openlinksw Virtuoso 7.2.11
An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
network
low complexity
openlinksw CWE-502
7.5
2023-11-29 CVE-2023-6378 Deserialization of Untrusted Data vulnerability in QOS Logback
A serialization vulnerability in the logback receiver component, part of logback version 1.4.11, allows an attacker to mount a Denial-of-Service attack by sending poisoned data.
network
low complexity
qos CWE-502
7.5
2023-11-28 CVE-2022-41678 Deserialization of Untrusted Data vulnerability in Apache Activemq
Once a user is authenticated on Jolokia, they can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject.
network
low complexity
apache CWE-502
8.8
2023-11-20 CVE-2023-46990 Deserialization of Untrusted Data vulnerability in Publiccms 4.0.202302.E
Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function.
network
low complexity
publiccms CWE-502
critical
9.8
2023-11-20 CVE-2023-46302 Deserialization of Untrusted Data vulnerability in Apache Submarine 0.7.0
Apache Software Foundation Apache Submarine has a bug when serializing against yaml.
network
low complexity
apache CWE-502
critical
9.8