Total: 1526 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-40555 | 1 Uxthemes | 1 Flatsome | 2024-08-02 | 8.3 High |
Deserialization of Untrusted Data vulnerability in UX-themes Flatsome \| Multi-Purpose Responsive WooCommerce Theme. This issue affects Flatsome \| Multi-Purpose Responsive WooCommerce Theme: from n/a through 3.17.5. | ||||
CVE-2023-40195 | 1 Apache | 1 Airflow Spark Provider | 2024-08-02 | 8.8 High |
Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks can effectively run arbitrary code on the Airflow node by pointing it at a malicious Spark server. Prior to version 4.1.3, this was not called out in the documentation explicitly, so it is possible that administrators provided authorizations to configure Spark hooks without taking this into account. We recommend that administrators review their configurations to make sure the authorization to configure Spark hooks is only provided to fully trusted users. To view the warning in the docs please visit https://airflow.apache.org/docs/apache-airflow-providers-apache-spark/4.1.3/connections/spark.html | ||||
CVE-2023-40044 | 1 Progress | 1 Ws Ftp Server | 2024-08-02 | 10 Critical |
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. | ||||
CVE-2023-39410 | 2 Apache, Redhat | 5 Avro, Camel Quarkus, Jboss Enterprise Application Platform and 2 more | 2024-08-02 | 7.5 High |
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue. | ||||
CVE-2023-39475 | | | 2024-08-02 | N/A |
Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ParameterVersionJavaSerializationCodec class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20290. | ||||
CVE-2023-39476 | | | 2024-08-02 | N/A |
Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JavaSerializationCodec class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20291. | ||||
CVE-2023-38264 | 1 Redhat | 2 Enterprise Linux, Rhel Extras | 2024-08-02 | 5.9 Medium |
The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578. | ||||
CVE-2023-38182 | 1 Microsoft | 1 Exchange Server | 2024-08-02 | 8 High |
Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
CVE-2023-38204 | 1 Adobe | 1 Coldfusion | 2024-08-02 | 9.8 Critical |
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | ||||
CVE-2023-38203 | 1 Adobe | 1 Coldfusion | 2024-08-02 | 9.8 Critical |
Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | ||||
CVE-2023-38177 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-08-02 | 6.1 Medium |
Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
CVE-2023-38181 | 1 Microsoft | 1 Exchange Server | 2024-08-02 | 8.8 High |
Microsoft Exchange Server Spoofing Vulnerability | ||||
CVE-2023-38155 | 1 Microsoft | 1 Azure Devops Server | 2024-08-02 | 7 High |
Azure DevOps Server Remote Code Execution Vulnerability | ||||
CVE-2023-37390 | 1 Themesflat | 1 Themesflat Addons For Elementor | 2024-08-02 | 8.3 High |
Deserialization of Untrusted Data vulnerability in Themesflat Themesflat Addons For Elementor. This issue affects Themesflat Addons For Elementor: from n/a through 2.0.0. | ||||
CVE-2023-36777 | 1 Microsoft | 1 Exchange Server | 2024-08-02 | 5.7 Medium |
Microsoft Exchange Server Information Disclosure Vulnerability | ||||
CVE-2023-36756 | 1 Microsoft | 1 Exchange Server | 2024-08-02 | 8 High |
Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
CVE-2023-36744 | 1 Microsoft | 1 Exchange Server | 2024-08-02 | 8 High |
Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
CVE-2023-36736 | 1 Microsoft | 1 Identity Linux Broker | 2024-08-02 | 4.4 Medium |
Microsoft Identity Linux Broker Remote Code Execution Vulnerability | ||||
CVE-2023-36745 | 1 Microsoft | 1 Exchange Server | 2024-08-02 | 8 High |
Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
CVE-2023-36757 | 1 Microsoft | 1 Exchange Server | 2024-08-02 | 8 High |
Microsoft Exchange Server Spoofing Vulnerability |