Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,844 vulnerabilities with CWE-502

CVE-2018-18628 CRITICAL

Pippo < 1.12.0 - Remote Code Execution via Untrusted Session Data Deserialization

CVE-2018-18589 MEDIUM

Micro Focus Real User Monitoring 9.26IP, 9.30, 9.40, 9.50 - Remote Code Execution via Untrusted Data Deserialization

CVE-2018-15616 CRITICAL

Avaya Aura System Platform 6.3.0-6.3.9/6.4.0-6.4.2 - Remote Code Execution via Deserialization

CVE-2018-3245 CRITICAL

Oracle WebLogic Server <12.2.1.3 - RCE

CVE-2018-18240 CRITICAL

Pippo < 1.11.0 - Remote Code Execution via XstreamEngine Deserialization

CVE-2018-15425 MEDIUM

Cisco Identity Services Engine - Authenticated Remote Code Execution via Deserialization of Untrusted Data

CVE-2018-16364 HIGH

Zoho ManageEngine Applications Manager - Remote Code Execution via SMB Share Payload

CVE-2018-3972 CRITICAL

Monero Lithium Luna v0.12.2.0-master-ffab6700 - Remote Code Execution via Levin Deserialization

CVE-2018-15965 CRITICAL

Adobe ColdFusion <=2018.0.0.310739 (Update 6/14) - Remote Code Execution via Untrusted Deserialization

CVE-2018-15959 CRITICAL

Adobe ColdFusion <=2018.0.0.310739 (Update 6/14) - Remote Code Execution via Untrusted Deserialization

CVE-2018-15958 CRITICAL

Adobe ColdFusion <=2018.0.0.310739 (Update 6/14) - Remote Code Execution via Untrusted Deserialization

CVE-2018-15957 CRITICAL

Adobe ColdFusion <=2018.0.0.310739 (Update 6/14) - Deserialization of Untrusted Data

CVE-2018-17057 CRITICAL

TCPDF < 6.2.22 - Remote Code Execution via PHAR Deserialization

CVE-2018-1567 CRITICAL

IBM WebSphere Application Server 7.0.0.0-7.0.0.44 - Remote Code Execution via SOAP Connector Deserialization

CVE-2018-10911 HIGH

glusterfs 3.12.0-3.12.13 - Integer Overflow in dic_unserialize Function

CVE-2018-15514 HIGH

Docker - Insecure Deserialization

CVE-2018-10513 HIGH

Trend Micro Security <2018 - Privilege Escalation

CVE-2018-15691 CRITICAL

CA Release Automation < 6.3.0.9945 - Remote Code Execution via Insecure Deserialization

CVE-2018-14572 HIGH

conference-scheduler-cli < 0.10.1 - Remote Code Execution via Pickle Deserialization

CVE-2018-15576 HIGH

EasyLogin Pro < 1.3.0 - Remote Code Execution via Encryptor.php Unserialize

CVE-2018-1999042 MEDIUM

Jenkins < 2.137 and < 2.121.2 - Deserialization of Untrusted Data via XStream2.java

CVE-2018-1000641 CRITICAL

YesWiki <= cercopitheque beta 1 - Code Injection

CVE-2018-15503 HIGH

Swoole 4.0.4 - Denial of Service via Unpack Deserialization Size Check Bypass

CVE-2018-3784 CRITICAL

cryo 0.0.6 - Remote Code Execution via Insecure Deserialization

CVE-2018-8349 HIGH

Microsoft COM for Windows - Remote Code Execution via Untrusted Data Deserialization

Previous Page 106 of 114 Next

Details

Vulnerabilities 2,844

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy