Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,844 vulnerabilities with CWE-502

CVE-2019-18211 HIGH

Orckestra C1 CMS < 6.6 - Authenticated Remote Code Execution via EntityTokenSerializer Deserialization

CVE-2019-17571 CRITICAL

Apache Log4j <= 1.2.17 - Deserialization of Untrusted Data via SocketServer

CVE-2019-19909 HIGH

Open Journal Systems < 3.1.2-2 - Authenticated Code Injection via Report Generator Deserialization

CVE-2019-8662 CRITICAL

iPhone OS < 12.4 - Use-After-Free via Untrusted NSDictionary Deserialization

CVE-2019-19849 HIGH

TYPO3 < 8.7.30, 9.x < 9.5.12, 10.x < 10.2.2 - Authenticated Remote Code Execution via Insecure Deserialization

CVE-2019-18956 CRITICAL

Divisa Proxia Suite <9.12.16-10.1.5, SparkSpace <1.0.30-1.2.4, Prox...

CVE-2019-19826 CRITICAL

Drupal Views Dynamic Fields <= 7.x-1.0-alpha4 - PHP Object Injection via Insecure Unserialize

CVE-2019-16774 MEDIUM

phpfastcache <5.1.3 - Code Injection

CVE-2019-18316 CRITICAL

SPPA-T3000 Application Server < R8.2 SP2 - Remote Code Execution via Deserialization on 1099/tcp

CVE-2019-18283 CRITICAL

SPPA-T3000 Application Server < R8.2 SP2 - Unauthenticated Remote Code Execution via AdminService Deserialization

CVE-2019-17358 HIGH

Cacti <= 1.2.7 - Authenticated Unsafe Deserialization in lib/functions.php

CVE-2019-19373 HIGH

Squiz Matrix CMS <5.5.0.3, 5.5.1 <5.5.1.8, 5.5.2 <5.5.2.4, 5.5.3 <5...

CVE-2019-18935 CRITICAL KEV

Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization

CVE-2019-19230 CRITICAL

CA Release Automation (Nolio) 6.6 - Code Injection

CVE-2019-17556 CRITICAL

Apache Olingo 4.0.0-4.6.0 - Deserialization of Untrusted Data in AbstractService

CVE-2019-18580 CRITICAL

Dell EMC Storage Monitoring and Reporting <4.3.1 - Deserialization

CVE-2019-15271 HIGH KEV

Cisco RV016 RV042 RV042G RV082 < 4.2.3.10 - Authenticated Remote Code Execution via HTTP Payload Deserialization

CVE-2019-4561 HIGH

IBM Security Identity Manager 6.0.0 - Code Injection

CVE-2019-1373 CRITICAL

Microsoft Exchange Server - Remote Code Execution via PowerShell Metadata Deserialization

CVE-2019-8141 HIGH

Magento 2.1.0-2.1.18, 2.2.0-2.2.9, <2.3.3 - Remote Code Execution via Phar Deserialization

CVE-2019-18631 HIGH

Centrify Authentication and Privilege Elevation Services <3.6.0 - RCE

CVE-2019-18364 CRITICAL

JetBrains TeamCity < 2019.1.4 - Remote Code Execution via Insecure Java Deserialization

CVE-2019-18601 HIGH

OpenAFS <1.6.24, <1.8.x-1.8.5 - DoS

CVE-2019-12017 CRITICAL

MapR < 5.2.2 - Remote Code Execution via JSON Deserialization in CLDB Login

CVE-2019-13116 CRITICAL

MuleSoft Mule Runtime < 3.8.0 - Unauthenticated Remote Code Execution via Java Deserialization

Previous Page 100 of 114 Next

Details

Vulnerabilities 2,844

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy