Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,844 vulnerabilities with CWE-502

CVE-2018-0147 CRITICAL KEV

Cisco Secure Access Control System < 5.8 patch 9 - Unauthenticated Remote Code Execution via Java Deserialization

CVE-2018-7489 CRITICAL

jackson-databind < 2.7.9.3, 2.8.0-2.8.11.1, < 2.9.5 - Remote Code Execution via Deserialization Bypass

CVE-2018-1000059 CRITICAL

ValidFormBuilder 4.5.4 - Code Injection

CVE-2018-1000058 HIGH

Jenkins Pipeline: Supporting APIs Plugin <2.17 - Code Injection

CVE-2018-1000048 HIGH

NASA RtRetrievalFramework <v1.0 - RCE

CVE-2018-1000047 HIGH

NASA Kodiak v1.0 - Remote Code Execution via Untrusted File Deserialization

CVE-2018-1000046 HIGH

NASA Pyblock 1.0-1.3 - Remote Code Execution via Radar Data File Deserialization

CVE-2018-1000045 HIGH

NASA Singledop v1.0 - Remote Code Execution via Crafted Radar Data File

CVE-2018-1051 HIGH

Resteasy - Deserialization of Untrusted Data via YamlProvider

CVE-2018-5968 HIGH

FasterXML jackson-databind <2.8.11, 2.9.x<2.9.3 - RCE

CVE-2017-20208 CRITICAL

RegistrationMagic <3.7.9.3 - Code Injection

CVE-2017-20207 CRITICAL

Flickr Gallery <1.5.2 - Code Injection

CVE-2017-20206 CRITICAL

Appointments plugin for WordPress <=2.2.1 - Code Injection

CVE-2017-20189 CRITICAL

Clojure < 1.9.0 - Remote Code Execution via Untrusted Data Deserialization

CVE-2017-10992 CRITICAL

HPE Storage Essentials 9.5.0.142 - Unauthenticated Remote Code Execution via Java Deserialization

CVE-2017-18605 CRITICAL

Gravitate-qa-tracker <1.2.1 - Code Injection

CVE-2017-18604 HIGH

sitebuilder-dynamic-components < 1.0 - PHP Object Injection via AJAX Request

CVE-2017-18375 HIGH

Ampache 3.8.3 - PHP Object Instantiation via Democratic AJAX Handler

CVE-2017-18365 CRITICAL

GitHub Enterprise 2.8.0-2.8.6 - Unauthenticated Remote Code Execution via Deserialization

CVE-2017-10934 CRITICAL

ZTE ZXIPTV-EPG Firmware < 5.09.02.02t4 - Unauthenticated Remote Code Execution via Java RMI Deserialization

CVE-2017-18342 CRITICAL

PyYAML < 5.1 - Remote Code Execution via yaml.load()

CVE-2017-3207 CRITICAL

WebORB for Java 5.1.1.0 - Remote Code Execution via AMF3 Deserialization

CVE-2017-3203 HIGH

Spring-flex - Remote Code Execution via AMF3 Deserialization

CVE-2017-3202 CRITICAL

Exadel Flamingo amf-serializer 2.2.0 - Deserialization of Untrusted Data via AMF3

CVE-2017-3201 HIGH

Flamingo amf-serializer 2.2.0 - Remote Code Execution via AMF3 Deserialization

Previous Page 108 of 114 Next

Details

Vulnerabilities 2,844

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy