Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,844 vulnerabilities with CWE-502

CVE-2020-6770 CRITICAL

Bosch BVMS Mobile Video Service < 7.5 - Unauthenticated Remote Code Execution via Untrusted Data Deserialization

CVE-2020-3716 CRITICAL

Magento <2.3.3, <2.2.10, <1.14.4.3, <1.9.4.3 - Code Injection

CVE-2020-6959 CRITICAL

Honeywell MAXPRO VMS and NVR < 5.6 - Unauthenticated Remote Code Execution via Unsafe Deserialization

CVE-2020-2604 HIGH

Oracle Java SE 7u241/8u231/11.0.5/13.0.1 & Embedded 8u231 - RCE via Serialization

CVE-2020-2555 CRITICAL KEV

Oracle Coherence 3.7.1.0/12.1.3.0.0/12.2.1.3-4 - RCE

CVE-2019-6834 HIGH

Schneider Electric SESU <2.3.0 - Code Injection

CVE-2019-19810 CRITICAL

Zoom Call Recording 6.3.1 - Unauthenticated Remote Code Execution via Java RMI Deserialization

CVE-2019-4728 HIGH

IBM Sterling B2B Integrator <6.1.0.0 - Code Injection

CVE-2019-7725 CRITICAL

NukeViet < 4.3.04 - Deserialization of Untrusted Data via nvloginhash Cookie

CVE-2019-11286 CRITICAL

VMware GemFire < 9.7.5 and Tanzu GemFire for VMs < 1.8.2 - Authenticated Remote Code Execution via JMX Service

CVE-2019-16112 HIGH

TylerTech Eagle 2018.3.11 - Remote Code Execution via Untrusted Java Deserialization

CVE-2019-17564 CRITICAL

Apache Dubbo 2.5.0-2.5.9, 2.6.0-2.6.7, 2.7.0-2.7.4 - Remote Code Execution via Unsafe Java Deserialization

CVE-2019-2391 MEDIUM

MongoDB Inc. js-bson <1.1.3 - Info Disclosure

CVE-2019-20453 HIGH

Pydio < 8.2.4 - Authenticated Remote Code Execution via PHP Object Injection in HttpDownload Plugin

CVE-2019-20452 HIGH

Pydio < 8.2.4 - Authenticated Remote Code Execution via PHP Object Injection in RecycleBinManager

CVE-2019-14893 CRITICAL

FasterXML jackson-databind < 2.9.10 - Remote Code Execution via Xalan JNDI Gadget Deserialization

CVE-2019-14892 CRITICAL

jackson-databind < 2.6.7.3 - Remote Code Execution via Polymorphic Deserialization

CVE-2019-5326 HIGH

Aruba Airwave VisualRF - Code Injection

CVE-2019-20477 CRITICAL

PyYAML 5.1-5.1.2 - Deserialization of Untrusted Data via Insufficient Class Restrictions

CVE-2019-17570 CRITICAL

Apache XML-RPC - Remote Code Execution via Untrusted Deserialization in XmlRpcResponseParser

CVE-2019-17635 HIGH

Eclipse Memory Analyzer < 1.9.1 - Deserialization of Untrusted Data via Malicious Index File

CVE-2019-17076 CRITICAL

Jamf Pro 9.4-9.101.4 and 10.x < 10.15.1 - Remote Code Execution via JSON Deserialization

CVE-2019-20330 CRITICAL

Netapp Snapcenter < 2.7.9.7 - Insecure Deserialization

CVE-2019-14466 MEDIUM

GONICUS GOsa 2.7.5.2 - Code Injection

CVE-2019-19470 HIGH

TinyWall <2.1.12 - Privilege Escalation

Previous Page 99 of 114 Next

Details

Vulnerabilities 2,844

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy