Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,844 vulnerabilities with CWE-502

CVE-2019-7743 CRITICAL

Joomla! 2.5.0-3.9.2 - Deserialization of Untrusted Data via phar:// Stream Wrapper

CVE-2019-1000005 HIGH

mPDF < 7.1.8 - Remote Code Execution via PHAR Deserialization in ImageProcessor

CVE-2019-6503 CRITICAL

Chatopera cosin 3.10.0 - Remote Code Execution via Untrusted Deserialization

CVE-2019-6338 HIGH

Drupal 7.x < 7.62 - Deserialization of Untrusted Data via PEAR Archive_Tar Library

CVE-2019-6446 CRITICAL

NumPy < 1.16.3 - Remote Code Execution via Unsafe Pickle Deserialization

CVE-2018-9474 HIGH

Android - Local Privilege Escalation via MediaPlayer Parcel Deserialization

CVE-2018-18447 CRITICAL

paint.net < 4.1.2 - Deserialization of Untrusted Data

CVE-2018-18446 CRITICAL

paint.net < 4.1.2 - Deserialization of Untrusted Data

CVE-2018-21234 CRITICAL

jodd < 5.0.4 - Deserialization of Untrusted Data via JSON setClassMetadataName

CVE-2018-11569 CRITICAL

Eventum 3.5.0-3.5.1 - Deserialization of Untrusted Data in ListController

CVE-2018-20987 CRITICAL

Tribulant Newsletters < 4.6.8.6 - PHP Object Injection via Untrusted Data Deserialization

CVE-2018-20984 CRITICAL

patreon_wordpress < 1.2.2 - Object Injection via Untrusted Data Deserialization

CVE-2018-11779 CRITICAL

Apache Storm 1.1.0-1.2.2 - Deserialization of Untrusted Data via Storm UI Daemon

CVE-2018-11307 CRITICAL

jackson-databind 2.0.0-2.9.5 - Deserialization of Untrusted Data via iBatis Gadget Class

CVE-2018-15890 CRITICAL

EthereumJ - Remote Code Execution via Unsafe Deserialization

CVE-2018-12680 HIGH

CoAPthon 3.1, 4.0.0-4.0.2 - Denial of Service via Serialize.deserialize() Exception Mishandling

CVE-2018-12679 HIGH

CoAPthon3 1.0-1.0.1 - Denial of Service via Serialize.deserialize() Exception Mishandling

CVE-2018-20221 HIGH

Deltek Ajera Timesheets <9.10.16 - Code Injection

CVE-2018-19276 CRITICAL

OpenMRS Java Deserialization RCE

CVE-2018-12023 HIGH

FasterXML jackson-databind <2.7.9.4-2.8.11.2-2.9.6 - Code Injection

CVE-2018-12022 HIGH

FasterXML jackson-databind <2.7.9.4, 2.8.11.2, 2.9.6 - Code Injection

CVE-2018-20732 CRITICAL

SAS Web Infrastructure Platform < 9.4M6 - Remote Code Execution via Java Deserialization

CVE-2018-20718 CRITICAL

Pydio < 8.2.2 - Unauthenticated Remote Code Execution via PHP Object Injection

CVE-2018-6162 HIGH

Google Chrome <68.0.3440.75 - Heap Corruption

CVE-2018-19362 CRITICAL

FasterXML jackson-databind <2.9.8 - Use After Free

Previous Page 104 of 114 Next

Details

Vulnerabilities 2,844

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy