CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,830 vulnerabilities with CWE-502
CVE ID | Severity | CVSS | Title
CVE-2023-36439 | HIGH | 8.0 | Microsoft Exchange Server - Remote Code Execution via Untrusted Data Deserialization
CVE-2023-36050 | HIGH | 8.0 | Microsoft Exchange Server - Spoofing via Deserialization of Untrusted Data
CVE-2023-36039 | HIGH | 8.0 | Microsoft Exchange Server - Spoofing via Deserialization of Untrusted Data
CVE-2023-36035 | HIGH | 8.0 | Microsoft Exchange Server - Spoofing via Deserialization of Untrusted Data
CVE-2023-47248 | CRITICAL | 9.8 | PyArrow 0.14.0-14.0.0 - Remote Code Execution via Untrusted Data Deserialization
CVE-2023-39913 | HIGH | 8.8 | Apache UIMA Java SDK < 3.5.0 - Remote Code Execution via Untrusted Java Deserialization
CVE-2023-46817 | CRITICAL | 9.8 | phpfox < 4.8.13 - Unauthenticated Remote Code Execution via Unserialize on URL Parameter
CVE-2023-47204 | CRITICAL | 9.8 | transmute-core < 1.13.5 - Remote Code Execution via YAML Deserialization
CVE-2023-1714 | HIGH | 8.8 | Bitrix24 < 22.0.300 - Authenticated RCE
CVE-2023-47174 | CRITICAL | 9.8 | Thorn SFTP Gateway Firmware 3.4.0-3.4.3 - Remote Code Execution via Java Deserialization
CVE-2023-45672 | HIGH | 7.5 | Frigate < 0.13.0 Beta 3 - Unauthenticated Remote Code Execution via YAML Deserialization
CVE-2023-5583 | HIGH | 8.8 | WP Simple Galleries < 1.34 - Code Injection
CVE-2023-40121 | MEDIUM | 5.5 | Android - SQL Injection via Unsafe Deserialization in DatabaseUtils
CVE-2023-46604 | CRITICAL (KEV) | 10.0 | Java OpenWire - Deserialization RCE
CVE-2023-43208 | CRITICAL (KEV) | 9.8 | NextGen Healthcare Mirth Connect < 4.4.1 - RCE
CVE-2023-4386 | HIGH | 8.1 | Essential Blocks < 4.2.0 - Code Injection
CVE-2023-4402 | HIGH | 8.1 | Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via get_products Function
CVE-2023-39680 | HIGH | 7.5 | Sollace Unicopia < 1.2.0 - Remote Code Execution via Untrusted Data Deserialization
CVE-2023-34052 | HIGH | 7.8 | VMware Aria Operations for Logs - SSRF
CVE-2023-35186 | HIGH | 8.0 | SolarWinds Access Rights Manager < 2023.2.0.73 - Authenticated Remote Code Execution via Deserialization
CVE-2023-35184 | HIGH | 8.8 | SolarWinds Access Rights Manager < 2023.2.0.73 - Unauthenticated Remote Code Execution via Deserialization
CVE-2023-35182 | HIGH | 8.8 | SolarWinds Access Rights Manager < 2023.2.0.73 - Unauthenticated Remote Code Execution via Deserialization
CVE-2023-35180 | HIGH | 8.0 | SolarWinds Access Rights Manager < 2023.2.0.73 - Authenticated Remote Code Execution via API Abuse
CVE-2023-46227 | HIGH | 7.5 | Apache InLong < 1.8.0 - Use After Free
CVE-2023-34050 | MEDIUM | 5.0 | Spring AMQP < 2.4.16 & < 3.0.9 - Deserialization