CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,841 vulnerabilities with CWE-502
CVE-2020-36179 HIGH
Oracle JD Edwards Enterpriseone Tools - Insecure Deserialization
CVSS 8.1
CVE-2020-36189 HIGH
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data
CVSS 8.1
CVE-2020-36188 HIGH
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data via JNDIConnectionSource
CVSS 8.1
CVE-2020-36187 HIGH
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data via SharedPoolDataSource
CVSS 8.1
CVE-2020-36186 HIGH
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data
CVSS 8.1
CVE-2020-36185 HIGH
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data via SharedPoolDataSource
CVSS 8.1
CVE-2020-36184 HIGH
Netapp Cloud Backup < 21.1.2 - Insecure Deserialization
CVSS 8.1
CVE-2020-36181 HIGH
Netapp Service Level Manager < 21.1.2 - Insecure Deserialization
CVSS 8.1
CVE-2020-8884 HIGH
Proofpoint Insider Threat Mgmt <7.9 - Code Injection
CVSS 8.8
CVE-2020-10658 CRITICAL
Proofpoint Insider Threat Management <7.9.1 - Code Injection
CVSS 9.8
CVE-2020-10657 HIGH
Proofpoint Insider Threat Management Server <7.9.1 - Code Injection
CVSS 7.2
CVE-2020-10656 CRITICAL
Proofpoint Insider Threat Management Server <7.9.1 - Code Injection
CVSS 9.8
CVE-2020-10655 CRITICAL
Proofpoint Insider Threat Management <7.9.1 - Code Injection
CVSS 9.8
CVE-2020-35488 HIGH
nxlog < 3.0.2272 - Denial of Service via Crafted Syslog Payload
CVSS 7.5
CVE-2020-35939 HIGH
Pickplugins Post Grid < 2.0.73 - Insecure Deserialization
CVSS 7.5
CVE-2020-35938 HIGH
Post Grid < 2.0.73 - Authenticated PHP Object Injection via AJAX Import Layouts
CVSS 7.5
CVE-2020-35932 HIGH
Newsletter < 6.8.2 - Authenticated PHP Object Injection via tpnc_render AJAX Action
CVSS 7.5
CVE-2020-26165 HIGH
qdPM < 9.1 - PHP Object Injection via timeReportActions::executeExport
CVSS 8.8
CVE-2020-35728 HIGH
jackson-databind 2.9.0-2.9.10.7 - Deserialization of Untrusted Data via JNDIConnectionPool
CVSS 8.1
CVE-2020-35491 HIGH
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data via SharedPoolDataSource
CVSS 8.1
CVE-2020-35490 HIGH
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data
CVSS 8.1
CVE-2020-22083 CRITICAL
jsonpickle < 1.4.1 - Remote Code Execution via Untrusted Data Deserialization
CVSS 9.8
CVE-2020-20136 CRITICAL
QuantConnect Lean 2.3.0.0-2.4.0.1 - Deserialization of Untrusted Data via Json.NET TypeNameHandling Misconfiguration
CVSS 9.8
CVE-2020-9301 HIGH
Spinnaker < 1.21.5 - Authenticated Arbitrary File Read and Write via SpEL Expression Handling
CVSS 8.8
CVE-2020-17144 HIGH KEV
Microsoft Exchange Server - Remote Code Execution via Untrusted Data Deserialization
CVSS 8.4