Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,844 vulnerabilities with CWE-502

CVE-2015-4852 CRITICAL KEV

Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, 12.2.1.0 - Remote Code Execution via T3 Protocol Deserialization

CVE-2014-1420 LOW

Ubuntu UI Toolkit < 1.1.1188+14.10.20140813.4-0ubuntu1 - Sensitive Data Exposure via StateSaver Serialization

CVE-2014-1860 CRITICAL

Contao CMS < 3.2.4 - PHP Object Injection via Untrusted Data Deserialization

CVE-2014-3699 CRITICAL

eDeploy - Remote Code Execution via cPickle Deserialization

CVE-2014-9515 CRITICAL

dozer < 5.5.1 - Remote Code Execution via Untrusted Deserialization

CVE-2014-8731 CRITICAL

phpmemcachedadmin < 1.2.2 - Remote Code Execution via Serialized Data Filename Injection

CVE-2013-7489 MEDIUM

Beaker < 1.11.0 - Deserialization of Untrusted Data

CVE-2013-4521 CRITICAL

Nuxeo Platform <5.6.0-HF27 & <5.8.0-HF-01 - Code Injection

Restlet < 2.1.4 - Remote Code Execution via Untrusted Object Deserialization

CVE-2013-1465 CRITICAL

CubeCart 5.0.0-5.2.0 - Remote Code Execution via Unserialization in Shipping Parameter

CVE-2012-4406 CRITICAL

OpenStack Swift < 1.7.0 - Remote Code Execution via Unsafe Pickle Deserialization

TYPO3 4.5.0-4.5.18 - Authenticated Remote Code Execution via Unsafe Deserialization in Backend Help System

CVE-2012-0911 CRITICAL

TikiWiki CMS/Groupware < 6.7 LTS & < 8.4 - RCE

Spring Framework 3.0.0-3.0.5 & Spring Security 2.0.0-2.0.6, 3.0.0-3.0.5 - RCE via Untrusted Deserialization

CVE-2011-2520 HIGH

system-config-firewall < 1.2.29 - Privilege Escalation via Unsafe Pickle Deserialization

Google Chrome < 8.0.552.224 and Chrome OS < 8.0.552.343 - Deserialization of Untrusted Data via Pickle Validation Bypass

Google Chrome <6.0.472.53 - Deserialization

PHP 4.0.0-4.4.4 - Remote Code Execution via Session Data Deserialization

CVE-2003-0791 CRITICAL

Mozilla < 1.4 - Remote Code Execution via Script.prototype.thaw Deserialization

Previous Page 114 of 114

Details

Vulnerabilities 2,844

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy