Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,842 vulnerabilities with CWE-502

CVE-2020-25259 CRITICAL

Hyland OnBase Deserialization of Untrusted Data via XML

CVE-2020-25258 CRITICAL

Hyland OnBase <= 20.3.10.1000 - Remote Code Execution via ASP.NET BinaryFormatter Deserialization

CVE-2020-24034 HIGH

Sagemcom F@ST 5280 <1.150.61 - Privilege Escalation

CVE-2020-17405 HIGH

Senstar Symphony 7.3.2.2 - Code Injection

CVE-2020-15777 HIGH

Gradle Enterprise Maven Extension < 1.6 - Remote Code Execution via Untrusted Java Deserialization

CVE-2020-24616 HIGH

FasterXML jackson-databind <2.9.10.6 - RCE

CVE-2020-10289 HIGH

Openrobotics Robot Operating System - Insecure Deserialization

CVE-2020-4589 CRITICAL

IBM WebSphere Application Server 7.0.0.0-7.0.0.44 - Remote Code Execution via Untrusted Data Deserialization

CVE-2020-5413 CRITICAL

Spring Integration - Deserialization

CVE-2020-15098 HIGH

TYPO3 CMS >=9.0.0 <9.5.20, >=10.0.0 <10.4.6 - RCE

CVE-2020-15086 CRITICAL

mediace 7.6.2-7.6.4 - Authenticated Remote Code Execution via Checksum Verification Bypass

CVE-2020-10917 CRITICAL

NEC ESMPRO Manager 6.42 - Unauthenticated Remote Code Execution via RMI Service Deserialization

CVE-2020-9664 CRITICAL

Magento < 1.9.4.5 and < 1.14.4.5 - Remote Code Execution via PHP Object Injection

CVE-2020-15842 HIGH

Liferay Portal < 7.3.0 and Liferay DXP 7.0-7.2 - Remote Code Execution via Insecure Deserialization

CVE-2020-4464 HIGH

IBM WebSphere Application Server 7.0.0.0-7.0.0.44 - Remote Code Execution via SOAP Connector Deserialization

CVE-2020-11982 CRITICAL

Apache Airflow < 1.10.10 - Remote Code Execution via CeleryExecutor Deserialization

CVE-2020-12015 HIGH

Mitsubishi Electric MC Works64 < 10.95.208.31 and MC Works32 - Denial of Service via Improper Deserialization

CVE-2020-12007 CRITICAL

Mitsubishi Electric MC Works64 < 10.95.208.31 and MC Works32 - RCE and DoS via Deserialization

CVE-2020-12009 HIGH

Mitsubishi Electric MC Works64 < 10.95.208.31 and MC Works32 - Denial of Service via Deserialization

CVE-2020-14000 CRITICAL

MIT Scratch scratch-vm < 0.2.0-prerelease.20200714185213 - RCE via Untrusted Project JSON Extension URL

CVE-2020-9496 MEDIUM

Apache OFBiz 17.12.03 - Deserialization of Untrusted Data and Cross-Site Scripting via XML-RPC Requests

CVE-2020-1439 HIGH

SharePoint Server - Remote Code Execution via PerformancePoint Services XML Deserialization

CVE-2020-1948 CRITICAL

Apache Dubbo < 2.7.7 - Remote Code Execution via Untrusted Data Deserialization

CVE-2020-4305 HIGH

IBM InfoSphere Information Server 11.3, 11.5, 11.7 - Remote Code Execution via Untrusted Data Deserialization

CVE-2020-14172 CRITICAL

Atlassian Jira <7.13.0, 8.0.0-8.5.0, 8.6.0-8.8.1 - RCE via Insecure Deserialization

Previous Page 95 of 114 Next

Details

Vulnerabilities 2,842

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy