Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,842 vulnerabilities with CWE-502

CVE-2020-2211 HIGH

Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin <1.3 - RCE

CVE-2020-10740 MEDIUM

Wildfly <20.0.0.Final - Deserialization

CVE-2020-14942 CRITICAL

Tendenci < 12.0.11 - Deserialization of Untrusted Data in Helpdesk Staff Views

CVE-2020-14933 HIGH

SquirrelMail 1.4.22 - Info Disclosure

CVE-2020-14932 CRITICAL

SquirrelMail <1.4.22 - Code Injection

CVE-2020-8165 CRITICAL

Rails <5.2.4.3-6.0.3.1 - Deserialization

CVE-2020-8164 HIGH

Rails <5.2.4.3-6.0.3.1 - Info Disclosure

CVE-2020-14195 HIGH

jackson-databind 2.9.0-2.9.10.4 - Deserialization of Untrusted Data via org.jsecurity.realm.jndi.JndiRealmFactory

CVE-2020-14060 HIGH

jackson-databind 2.9.0-2.9.10.4 - Deserialization of Untrusted Data via apache/drill JNDIConnectionPool

CVE-2020-14062 HIGH

FasterXML jackson-databind 2.9.0-2.9.10.4 - Deserialization of Untrusted Data via xalan2 JNDIConnectionPool

CVE-2020-14061 HIGH

jackson-databind 2.9.0-2.9.10.4 - Deserialization of Untrusted Data via Oracle AQjms Gadgets

CVE-2020-5411 HIGH

Spring Batch 4.0.0-4.0.3 and 4.1.0-4.2.2 - Remote Code Execution via Jackson Default Typing

CVE-2020-0132 MEDIUM

Android 10 - Local Information Disclosure via Unsafe Deserialization in BnAAudioService

CVE-2020-4043 HIGH

phpMussel 1.0.0-1.5.9 - Remote Code Execution via PHAR Deserialization

CVE-2020-12000 HIGH

Ignition Gateway < 7.9.14 - Deserialization of Untrusted Data

CVE-2020-10644 HIGH

Ignition <8.0.10, <7.9.14 - Info Disclosure

CVE-2020-4450 CRITICAL

IBM WebSphere Application Server 8.5.0.0-8.5.5.17 - Remote Code Execution via Untrusted Data Deserialization

CVE-2020-4449 HIGH

IBM WebSphere Application Server 7.0.0.0-7.0.0.45 - Information Disclosure via Deserialization of Untrusted Data

CVE-2020-4448 CRITICAL

IBM WebSphere Application Server 7.0-9.0 - Remote Code Execution via Untrusted Object Deserialization

CVE-2020-7660 HIGH

serialize-javascript < 3.1.0 - Remote Code Execution via deleteFunctions

CVE-2020-12390 CRITICAL

Firefox < 76.0 - Incorrect Origin Serialization via IPv6 URL Handling

CVE-2020-3280 CRITICAL

Cisco Unified Contact Center Express 12.0-12.0(1)es03 - RCE via Insecure Java Deserialization

CVE-2020-9484 HIGH

Apache Tomcat < 7.0.108 - Insecure Deserialization

CVE-2020-12835 CRITICAL

SmartBear ReadyAPI SoapUI Pro 3.2.5 - Code Injection

CVE-2020-13092 CRITICAL

scikit-learn <0.23.0 - Command Injection

Previous Page 96 of 114 Next

Details

Vulnerabilities 2,842

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy