CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,841 vulnerabilities with CWE-502
CVE-2021-29654 HIGH
AjaxSearchPro < 4.20.8 - Remote Code Execution via Database Import Deserialization
CVSS 7.2
CVE-2021-21524 CRITICAL
Dell Storage Monitoring and Reporting < 4.5.0.1 - Unauthenticated RCE via Untrusted Deserialization
CVSS 9.8
CVE-2021-24217 HIGH
Facebook for WordPress < 3.0.0 - Remote Code Execution via Unsafe Deserialization
CVSS 8.1
CVE-2021-1415 MEDIUM
Cisco RV340, RV340W, RV345, RV345P Firmware < 1.0.03.21 - Authenticated Remote Code Execution via HTTP Request
CVSS 6.3
CVE-2021-1414 MEDIUM
Cisco RV340, RV340W, RV345, and RV345P Firmware < 1.0.03.21 - Authenticated Remote Code Execution via HTTP Request
CVSS 6.3
CVE-2021-1413 MEDIUM
Cisco RV340, RV340W, RV345, RV345P Firmware < 1.0.03.21 - Authenticated Remote Code Execution via HTTP Request
CVSS 6.3
CVE-2021-27240 HIGH
SolarWinds Patch Manager 2020.2.1 - Privilege Escalation
CVSS 7.8
CVE-2021-21351 MEDIUM
Oracle Banking Platform < 5.15.14 - Insecure Deserialization
CVSS 5.4
CVE-2021-21350 MEDIUM
NetApp OnCommand Insight < 5.15.14 - Insecure Deserialization
CVSS 5.3
CVE-2021-21349 MEDIUM
NetApp OnCommand Insight < 5.15.14 - SSRF
CVSS 6.1
CVE-2021-21348 MEDIUM
NetApp OnCommand Insight < 5.15.14 - Insecure Deserialization
CVSS 5.3
CVE-2021-21347 MEDIUM
NetApp OnCommand Insight < 5.15.14 - Insecure Deserialization
CVSS 6.1
CVE-2021-21346 MEDIUM
NetApp OnCommand Insight < 5.15.14 - Insecure Deserialization
CVSS 6.1
CVE-2021-21345 MEDIUM
NetApp OnCommand Insight < 5.15.14 - Insecure Deserialization
CVSS 5.8
CVE-2021-21344 MEDIUM
NetApp OnCommand Insight < 5.15.14 - Insecure Deserialization
CVSS 5.3
CVE-2021-21343 MEDIUM
XStream < 1.4.16 - Code Injection
CVSS 5.3
CVE-2021-21342 MEDIUM
NetApp OnCommand Insight < 5.15.14 - SSRF
CVSS 5.3
CVE-2021-21341 HIGH
NetApp OnCommand Insight - Denial of Service via XStream Deserialization
CVSS 7.5
CVE-2021-26295 CRITICAL
Apache OFBiz SOAP Java Deserialization
CVSS 9.8
CVE-2021-21371 MEDIUM
tenable-jira-cloud < 1.1.21 - Remote Code Execution via YAML Deserialization
CVSS 5.0
CVE-2021-21488 MEDIUM
SAP NetWeaver Knowledge Management 7.01-7.50 - Authenticated Remote Code Execution via Insecure Deserialization
CVSS 6.5
CVE-2021-20076 HIGH
Tenable.sc 5.13.0-5.17.0 - Authenticated Remote Code Execution via PHP Unserialization
CVSS 8.8
CVE-2021-26857 HIGH KEV
Microsoft Exchange Server - Remote Code Execution via Unsafe Deserialization
CVSS 7.8
CVE-2021-24066 HIGH
Microsoft SharePoint - Remote Code Execution via Untrusted Data Deserialization
CVSS 8.8
CVE-2021-27335 CRITICAL
KollectApps < 4.8.16c - Remote Code Execution via Java Deserialization
CVSS 9.8