Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,844 vulnerabilities with CWE-502

CVE-2016-7050 CRITICAL

Red Hat Enterprise Linux 7 - Remote Code Execution via SerializableProvider Deserialization

CVE-2016-3690 CRITICAL

JBoss Enterprise Application Platform 4.x and 5.x - Remote Code Execution via PooledInvokerServlet Deserialization

CVE-2016-4483 HIGH

libxml2 < 2.9.4 - Denial of Service via Non-UTF-8 Attribute Serialization

CVE-2016-0779 CRITICAL

Apache TomEE <1.7.4, <7.0.0-M3 - RCE

CVE-2016-10304 MEDIUM

SAP NetWeaver AS JAVA 7.5 - Authenticated Denial of Service via Deserialization in EP-RUNTIME Component

CVE-2016-6809 CRITICAL

Apache Tika < 1.14 - Remote Code Execution via MATLAB File Deserialization

CVE-2016-8749 CRITICAL

Apache Camel 2.16.0-2.16.4 2.17.0-2.17.4 2.18.0-2.18.1 - Remote Code Execution via Jackson Unmarshalling

CVE-2016-0360 CRITICAL

IBM Websphere MQ JMS <9.0 - Code Injection

CVE-2016-6199 CRITICAL

Gradle 2.12 - Remote Code Execution via Untrusted Deserialization

CVE-2016-3415 CRITICAL

Zimbra Collaboration Suite < 8.6.0 - Deserialization of Untrusted Data

CVE-2016-9865 CRITICAL

phpMyAdmin < 4.6.5, < 4.4.15.9, < 4.0.10.18 - Unauthenticated Remote Code Execution via Serialized String Parsing Bypass

CVE-2016-6620 CRITICAL

phpMyAdmin <4.6.4, <4.4.15.8, <4.0.10.17 - Code Injection

CVE-2016-7065 HIGH

Red Hat JBoss Enterprise Application Platform 4 and 5 - Remote Code Execution via JMX Servlet Deserialization

CVE-2016-5019 CRITICAL

Apache MyFaces Trinidad Deserialization of Untrusted Data via Serialized View State

CVE-2016-4385 HIGH

HP Network Automation Software - RCE

CVE-2016-6330 CRITICAL

Red Hat JBoss Operations Network (JON) - RCE

CVE-2016-4978 HIGH

Apache ActiveMQ Artemis < 1.4.0 - Authenticated Remote Code Execution via JMS ObjectMessage Deserialization

CVE-2016-7124 CRITICAL

PHP < 5.6.25 and 7.x < 7.0.10 - Denial of Service via Crafted Serialized Data

CVE-2016-1114 CRITICAL

Adobe ColdFusion 10 < Update 19, 11 < Update 8, 2016 < Update 1 - Remote Code Execution via Deserialization

CVE-2015-2020 CRITICAL

MyScript SDK < 1.3 - Remote Code Execution via Untrusted Deserialization

CVE-2015-7501 CRITICAL

Red Hat Data Grid - Remote Code Execution via Deserialization of Untrusted Data

CVE-2015-5164 HIGH

pulpproject qpid - Authenticated Remote Code Execution via Pickle Deserialization

CVE-2015-7450 CRITICAL KEV

IBM Sterling B2B Integrator - Remote Code Execution via Apache Commons Collections Deserialization

CVE-2015-6420 CRITICAL

Apache Commons Collections < 3.2.2 and < 4.1 - Remote Code Execution via Deserialization

CVE-2015-8103 CRITICAL

Jenkins CLI RMI Java Deserialization Vulnerability

Previous Page 113 of 114 Next

Details

Vulnerabilities 2,844

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy