Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,842 vulnerabilities with CWE-502

CVE-2020-11113 HIGH

FasterXML Jackson-Databind <2.9.10.4 - Code Injection

CVE-2020-11112 HIGH

FasterXML jackson-databind <2.9.10.4 - RCE

CVE-2020-11111 HIGH

FasterXML jackson-databind <2.9.10.4 - Code Injection

CVE-2020-7610 CRITICAL

mongodb/bson < 1.1.4 - Deserialization of Untrusted Data via _bsotype Handling

CVE-2020-10969 HIGH

jackson-databind 2.7.0-2.7.9.6 - Deserialization of Untrusted Data via javax.swing.JEditorPane

CVE-2020-10968 HIGH

FasterXML Jackson-Databind <2.9.10.4 - Code Injection

CVE-2020-6967 CRITICAL

Rockwell Automation FactoryTalk Services Platform - Deserialization of Untrusted Data via .NET Remoting Endpoint

CVE-2020-7961 CRITICAL KEV

Liferay Portal <7.2.1 CE GA2 - Code Injection

CVE-2020-10673 HIGH

FasterXML jackson-databind <2.9.10.4 - Code Injection

CVE-2020-10672 HIGH

FasterXML jackson-databind <2.9.10.4 - Code Injection

CVE-2020-1947 CRITICAL

Apache ShardingSphere 4.0.0-RC3-4.0.0 - Remote Code Execution via SnakeYAML Deserialization

CVE-2020-2158 HIGH

Jenkins Literate Plugin < 1.0 - Remote Code Execution via YAML Deserialization

CVE-2020-5327 HIGH

Dell Security Management Server < 10.2.10 - Unauthenticated Remote Code Execution via Java RMI Deserialization

CVE-2020-10189 CRITICAL KEV

ManageEngine Desktop Central < 10.0.479 - Remote Code Execution via Java Deserialization in FileStorage

CVE-2020-9548 CRITICAL

jackson-databind 2.0.0-2.7.9.7 - Deserialization of Untrusted Data via anteros-core Gadget

CVE-2020-9547 CRITICAL

jackson-databind 2.0.0-2.7.9.7 - Deserialization of Untrusted Data via com.ibatis.sqlmap Gadget

CVE-2020-9546 CRITICAL

jackson-databind 2.7.0-2.7.9.6 - Deserialization of Untrusted Data via HikariConfig Gadget

CVE-2020-8441 CRITICAL

jyaml < 1.3 - Remote Code Execution via Untrusted Data Deserialization

CVE-2020-9006 CRITICAL

Popup Builder 2.2.8-2.6.7.6 - SQL Injection via PHP Deserialization in sgImportPopups

CVE-2020-8801 HIGH

SuiteCRM <= 7.11.11 - PHAR Deserialization

CVE-2020-2123 HIGH

Jenkins RadarGun Plugin < 1.7 - Remote Code Execution via YAML Deserialization

CVE-2020-0618 HIGH KEV

Microsoft SQL Server Reporting Services - Remote Code Execution via ViewState Deserialization

CVE-2020-8840 CRITICAL

FasterXML Jackson-Databind <2.9.10.2 - RCE

CVE-2020-6770 CRITICAL

Bosch BVMS Mobile Video Service < 7.5 - Unauthenticated Remote Code Execution via Untrusted Data Deserialization

CVE-2020-3716 CRITICAL

Magento <2.3.3, <2.2.10, <1.14.4.3, <1.9.4.3 - Code Injection

Previous Page 98 of 114 Next

Details

Vulnerabilities 2,842

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy