Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,844 vulnerabilities with CWE-502

CVE-2019-17531 CRITICAL

jackson-databind 2.0.0-2.9.10 - Remote Code Execution via Polymorphic Typing with Log4j JNDI

CVE-2019-17267 CRITICAL

FasterXML jackson-databind < 2.9.10 - Deserialization of Untrusted Data via EhcacheJtaTransactionManagerLookup

CVE-2019-17206 CRITICAL

Redis Wrapper < 0.3.0 - Remote Code Execution via Pickle Deserialization

CVE-2019-16891 CRITICAL

Liferay Portal CE 6.2.5 - Code Injection

CVE-2019-12630 CRITICAL

Cisco Security Manager < 4.18 - Unauthenticated Remote Code Execution via Java Deserialization

CVE-2019-17080 HIGH

mintinstall 7.9.9 - Remote Code Execution via Untrusted REVIEWS_CACHE Deserialization

CVE-2019-16943 CRITICAL

jackson-databind 2.0.0-2.9.10 - Remote Code Execution via P6Spy Default Typing

CVE-2019-16942 CRITICAL

jackson-databind 2.0.0-2.9.10 - Remote Code Execution via Polymorphic Typing

CVE-2019-10202 CRITICAL

JBoss Enterprise Application Platform - Deserialization of Untrusted Data via Jackson Mapper

CVE-2019-9373 MEDIUM

Android 10 - Local Denial of Service via JobStore Deserialization Mismatch

CVE-2019-9365 CRITICAL

Android 10 - Remote Code Execution via Bluetooth Deserialization Error

CVE-2019-16894 CRITICAL

inoERP 4.15 - SQL Injection via Insecure Deserialization in download.php

CVE-2019-16755 CRITICAL

BMC MyIT Digital Workplace < 18.08.00 - Unauthenticated Remote Code Execution

CVE-2019-11666 HIGH

Micro Focus Service Manager <9.63 - Deserialization

CVE-2019-0195 CRITICAL

Apache Tapestry 5.4.0-5.4.2 and 5.4.0-5.4.4 - Remote Code Execution via Classpath Asset File URL Manipulation

CVE-2019-16335 CRITICAL

FasterXML jackson-databind <2.9.10 - Info Disclosure

CVE-2019-14540 CRITICAL

FasterXML jackson-databind <2.9.10 - Info Disclosure

CVE-2019-16317 HIGH

pimcore < 5.7.1 - Authenticated Remote Code Execution via PHAR Deserialization

CVE-2019-0189 CRITICAL

Apache OFBiz 16.11.01-16.11.05 - Remote Code Execution via HttpEngine ServiceContext Deserialization

CVE-2019-14224 HIGH

Alfresco Community Edition 5.2 - RCE

CVE-2019-5069 HIGH

Epignosis eFront LMS <5.2.12 - Code Injection

CVE-2019-15780 CRITICAL

Formidable Form Builder < 4.02.01 - Deserialization of Untrusted Data

CVE-2019-15521 CRITICAL

Spoon Library < 2014-02-06 and Fork CMS < 1.4.1 - PHP Object Injection via Cookie

CVE-2019-11030 CRITICAL

Mirasys VMS < 7.6.1 and 8.x < 8.3.2 - Remote Code Execution via Insecure Deserialization in AuditTrailService

CVE-2019-15321 CRITICAL

Optiontree < 2.7.3 - Insecure Deserialization

Previous Page 101 of 114 Next

Details

Vulnerabilities 2,844

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy