Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,844 vulnerabilities with CWE-502

CVE-2017-3200 HIGH

GraniteDS - Remote Code Execution via AMF3 Deserialization

CVE-2017-3199 HIGH

GraniteDS 3.1.1.GA - Remote Code Execution via AMF3 Deserialization

CVE-2017-2608 HIGH

Jenkins < 2.44 and < 2.32.2 - Remote Code Execution via XStream Deserialization

CVE-2017-13286 HIGH

Android 8.0-8.1 - Local Privilege Escalation via OutputConfiguration Serialization Mismatch

CVE-2017-1677 HIGH

IBM DB2 for Linux, UNIX and Windows <11.1 - Code Injection

CVE-2017-15693 HIGH

Apache Geode < 1.4.0 - Remote Code Execution via Untrusted Data Deserialization

CVE-2017-15692 CRITICAL

Apache Geode < 1.4.0 - Remote Code Execution via TcpServer Deserialization

CVE-2017-8967 HIGH

Hewlett Packard Enterprise iMC <7.3 - Deserialization

CVE-2017-8966 HIGH

Hewlett Packard Enterprise iMC <7.3 E0504P2 - Deserialization

CVE-2017-8965 HIGH

Hewlett Packard Enterprise iMC <7.3 E0504P2 - Deserialization

CVE-2017-8964 HIGH

Hewlett Packard Enterprise iMC <7.3 E0504P2 - Deserialization

CVE-2017-8963 HIGH

Hewlett Packard Enterprise iMC <7.3 - Deserialization

CVE-2017-8962 HIGH

Hewlett Packard Enterprise iMC <7.3 E0504P2 - Deserialization

CVE-2017-5792 CRITICAL

HPE Intelligent Management Center PLAT 7.3 E0504P2 - Remote Code Execution via Untrusted Data Deserialization

CVE-2017-5790 CRITICAL

HPE Intelligent Management Center PLAT 7.2 E0403P06 - Remote Code Execution via Untrusted Data Deserialization

CVE-2017-12558 CRITICAL

HPE Intelligent Management Center PLAT < 7.3 E0504P2 - Remote Code Execution via Untrusted Data Deserialization

CVE-2017-12557 CRITICAL

HPE Intelligent Management Center < 7.3 - Remote Code Execution via Untrusted Data Deserialization

CVE-2017-12556 CRITICAL

HPE Intelligent Management Center < 7.3 - Remote Code Execution via Untrusted Data Deserialization

CVE-2017-15089 HIGH

Infinispan < 9.1.6 and < 9.2.0.CR1 - Authenticated Deserialization of Untrusted Data via Hotrod Client

CVE-2017-7525 CRITICAL

jackson-databind <2.6.7.1, <2.7.9.1, <2.8.9 - Code Injection

CVE-2017-15095 CRITICAL

jackson-databind <2.8.10, 2.9.1 - Code Injection

CVE-2017-1000355 MEDIUM

Jenkins < 2.56 and < 2.46.1 - Denial of Service via XStream Void Type Instantiation

CVE-2017-1000353 CRITICAL KEV

Jenkins < 2.56 and < 2.46.1 - Unauthenticated Remote Code Execution via Java Deserialization

CVE-2017-4947 CRITICAL

VMware vRealize Automation 7.2-7.3 & vSphere Integrated Containers <1.3.0 RCE via Xenon Deserialization

CVE-2017-15703 MEDIUM

Apache NiFi 1.0.0-1.3.0 - Authenticated Denial of Service via Java Deserialization

Previous Page 109 of 114 Next

Details

Vulnerabilities 2,844

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy