Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,844 vulnerabilities with CWE-502

CVE-2017-14035 CRITICAL

CrushFTP 8.x < 8.2.0 - Deserialization of Untrusted Data

CVE-2017-11153 CRITICAL

Synology Photo Station < 6.7.3-3432 RCE via Deserialization in synophoto_csPhotoMisc.php

CVE-2017-9785 CRITICAL

NancyFX <1.4.4, <2.0 - Deserialization

CVE-2017-1000053 HIGH

Elixir Plug <v1.0.4,v1.1.7,v1.2.3,v1.3.2 - Code Injection

CVE-2017-1000034 HIGH

Akka <2.4.16, 2.5-M1 - Code Injection

CVE-2017-9844 HIGH

SAP NetWeaver 7400.12.21.30308 - RCE/DoS

CVE-2017-11143 HIGH

PHP < 5.6.30 - Use-After-Free in WDDX Boolean Deserialization

CVE-2017-2295 HIGH

Puppet < 4.10.1 - Remote Code Execution via Unsafe YAML Deserialization

CVE-2017-10803 MEDIUM

Odoo 8.0, 9.0, 10.0 - Authenticated Remote Code Execution via Database Anonymization Unpickle

CVE-2017-2292 CRITICAL

MCollective <2.10.4 - Code Injection

CVE-2017-9830 CRITICAL

Code42 CrashPlan 5.4.x - Remote Code Execution via org.apache.commons.ssl.rmi.DateRMI Deserialization

CVE-2017-9424 CRITICAL

IdeaBlade Breeze <1.6.5 - Code Injection

CVE-2017-5878 CRITICAL

Red5 Media Server < 1.0.8 - Remote Code Execution via AMF Deserialization

CVE-2017-4914 CRITICAL

VMware vSphere Data Protection 5.5.x-6.1.x - Remote Code Execution via Deserialization

CVE-2017-9363 CRITICAL

Soffid IAM < 1.7.4 - Remote Code Execution via Java Deserialization

CVE-2017-7504 CRITICAL

Red Hat JBoss Enterprise Application Platform < 4.0 and JBoss 4.x - Remote Code Execution via Untrusted Deserialization

CVE-2017-8829 HIGH

lintian <= 2.5.50.3 - Remote Code Execution via YAML Deserialization

CVE-2017-8804 HIGH

glibc 2.25 - Denial of Service via xdr_bytes and xdr_string Deserialization Failure

CVE-2017-3066 CRITICAL KEV

Adobe Coldfusion - Insecure Deserialization

CVE-2017-7293 HIGH

Dolby DAX2/DAX3 - Privilege Escalation

CVE-2017-5645 CRITICAL

Apache Log4j 2.0-2.8.1 - Remote Code Execution via Untrusted Data Deserialization

CVE-2017-5983 CRITICAL

Atlassian JIRA Server < 6.3.0 - Remote Code Execution via XML Parser Deserialization

CVE-2017-5929 CRITICAL

Logback < 1.2.0 - Deserialization of Untrusted Data in SocketServer and ServerSocketReceiver

CVE-2017-3159 CRITICAL

Apache Camel < 2.14.4 - Deserialization of Untrusted Data via SnakeYAML

CVE-2017-5830 CRITICAL

Revive Adserver < 4.0.0 - Remote Code Execution via Cookie Deserialization

Previous Page 111 of 114 Next

Details

Vulnerabilities 2,844

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy