Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,844 vulnerabilities with CWE-502

CVE-2017-17406 CRITICAL

Netgain Enterprise Manager < 7.2.766 - Unauthenticated Remote Code Execution via RMI Registry Deserialization

CVE-2017-17485 CRITICAL

jackson-databind < 2.6.7.3, 2.9.0-2.9.3 - Unauthenticated Remote Code Execution via Malicious JSON Input

CVE-2017-5641 CRITICAL

Apache Flex BlazeDS < 4.7.3 - Deserialization of Untrusted Data via AMF(X) Object Deserialization

CVE-2017-17672 CRITICAL

vBulletin < 5.3.3 - Unauthenticated Deserialization via Template Cache API

CVE-2017-11284 CRITICAL

Adobe ColdFusion 2016 Update 4 and earlier, 11 Update 12 and earlier - Deserialization of Untrusted Data

CVE-2017-11283 CRITICAL

Adobe ColdFusion 2016 Update 4 and earlier, ColdFusion 11 Update 12 and earlier - Deserialization of Untrusted Data

CVE-2017-1000207 HIGH

Swagger-Parser <=1.0.30 & Swagger Codegen <=2.2.2 - RCE

CVE-2017-8045 CRITICAL

Spring Advanced Message Queuing Protocol < 1.7.4 - Remote Code Execution via Unsafe Message Deserialization

CVE-2017-4995 HIGH

Pivotal Spring Security <4.2.3-5.0.0 - Code Injection

CVE-2017-1000248 CRITICAL

Redis-store <=v1.3.0 - Info Disclosure

CVE-2017-1000208 HIGH

Swagger-Parser <= 1.0.30 and Swagger-Codegen <= 2.2.2 - Remote Code Execution via YAML Parsing

CVE-2017-1000195 HIGH

October CMS <build 412 - Code Injection

CVE-2017-12634 CRITICAL

Apache Camel 2.0.0-2.19.3, 2.20.0 - Deserialization of Untrusted Data in camel-castor

CVE-2017-12633 CRITICAL

Apache Camel 2.0.0-2.19.3 and 2.20.0 - Deserialization of Untrusted Data in camel-hessian

CVE-2017-1000148 HIGH

Mahara <15.04.8, <15.10.4, <16.04.2 - Code Injection

CVE-2017-12796 CRITICAL

OpenMRS < 2.6.1 - Unauthenticated Remote Code Execution via XML Deserialization in Reporting Compatibility Add On

CVE-2017-12628 HIGH

Apache James < 3.0.1 - Deserialization of Untrusted Data via JMX Server

CVE-2017-0903 CRITICAL

RubyGems 2.0.0-2.6.13 - Remote Code Execution via YAML Deserialization

CVE-2017-12149 CRITICAL KEV

Jboss Application Server - Code Injection

CVE-2017-0806 HIGH

Android <8.0 - Privilege Escalation

CVE-2017-14702 CRITICAL

ERS Data System <1.8.1.0 - Code Injection

CVE-2017-10932 CRITICAL

ZTE NR8000 Series < 12.17.20 - Unauthenticated Remote Code Execution via Java RMI Deserialization

CVE-2017-14141 HIGH

Kaltura Server < 13.2.0 - Remote Code Execution via Wiki Decode Helper Deserialization

CVE-2017-9805 HIGH KEV

Apache Struts 2 REST Plugin XStream RCE

CVE-2017-12612 HIGH

Apache Spark 1.6.0-2.1.1 - Remote Code Execution via Launcher API Deserialization

Previous Page 110 of 114 Next

Details

Vulnerabilities 2,844

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy