Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,842 vulnerabilities with CWE-502

CVE-2020-13091 CRITICAL

pandas <= 1.0.3 - Remote Code Execution via read_pickle() Function

CVE-2020-11973 CRITICAL

Apache Camel 2.22.0-2.25.0 and 3.0.0-3.1.0 - Deserialization of Untrusted Data via Netty

CVE-2020-11972 CRITICAL

Apache Camel 2.22.0-2.25.0 and 3.0.0-3.1.0 - Deserialization of Untrusted Data via RabbitMQ Java Deserialization

CVE-2020-11067 HIGH

TYPO3 CMS <9.5.16, <10.4.1 - Code Injection

CVE-2020-12760 HIGH

OpenNMS Horizon <26.0.1, Meridian <2018.1.19 & 2019 <2019.1.7 - Rem...

CVE-2020-5741 HIGH KEV

Plex Media Server < 1.19.3 - Authenticated Remote Code Execution via Unpickle Deserialization

CVE-2020-2189 HIGH

Jenkins SCM Filter Jervis Plugin < 0.2.1 - Remote Code Execution via YAML Deserialization

CVE-2020-12471 CRITICAL

MonoX < 5.1.40.5152 - Remote Code Execution via Insecure Deserialization in HTML5Upload.ashx

CVE-2020-12469 MEDIUM

Subrion CMS <4.2.1 - Code Injection

CVE-2020-12133 CRITICAL

Furukawa Electric ConsciusMAP < 2.8.1 - Remote Code Execution via Java Deserialization

CVE-2020-10915 CRITICAL

VEEAM One Agent 9.5.4.4587 - Deserialization

CVE-2020-10914 CRITICAL

VEEAM One Agent 9.5.4.4587 - Deserialization

CVE-2020-0082 HIGH

Android 10 - Local Privilege Escalation via Unsafe Deserialization in ExternalVibration

CVE-2020-2180 HIGH

Jenkins Amazon Web Services Serverles... - Insecure Deserialization

CVE-2020-2179 HIGH

Jenkins Yaml Axis Plugin <= 0.2.0 - Remote Code Execution via Unsafe YAML Deserialization

CVE-2020-1964 CRITICAL

Apache Heron 0.20.0-incubating-0.20.2-incubating - Remote Code Execution via YAML Deserialization

CVE-2020-4272 HIGH

IBM QRadar 7.3.0-7.3.3 Patch 2 - Remote File Inclusion and Arbitrary Code Execution

CVE-2020-4271 MEDIUM

IBM QRadar 7.3.0-7.3.3 Patch 2 - Authenticated Remote Code Execution via PHP Object Injection

CVE-2020-2757 LOW

Oracle JDK and JRE - Partial Denial of Service via Serialization

CVE-2020-2756 LOW

Oracle JDK and JRE - Unauthenticated Partial Denial of Service via Serialization

CVE-2020-6219 HIGH

SAP Business Objects <4.3 - Deserialization

CVE-2020-11630 CRITICAL

EJBCA < 6.15.2.6 and 7.x < 7.3.1.2 - Deserialization of Untrusted Data via Peers Protocol

CVE-2020-11620 HIGH

jackson-databind 2.9.0-2.9.10.3 - Deserialization of Untrusted Data via commons-jelly Gadget

CVE-2020-11619 HIGH

jackson-databind 2.9.0-2.9.10.3 - Deserialization of Untrusted Data via spring-aop MethodLocatingFactoryBean

CVE-2020-11467 HIGH

Deskpro < 2019.8.0 - Remote Code Execution via TWIG Template Unserialize

Previous Page 97 of 114 Next

Details

Vulnerabilities 2,842

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy