VYPR

CWE-502

Deserialization of Untrusted Data

BaseDraftLikelihood: Medium

Description

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-586

CVEs mapped to this weakness (1,721)

page 86 of 87
  • CVE-2018-18628Oct 23, 2018
    risk 0.00cvss epss 0.05

    An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the object types. An attacker can create a malicious object, base64 encode it, and place it…

  • CVE-2018-18240Oct 11, 2018
    risk 0.00cvss epss 0.04

    Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling.

  • CVE-2018-7889HigMar 8, 2018
    risk 0.00cvss 7.8epss 0.05

    gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.

  • CVE-2017-15693HigFeb 27, 2018
    risk 0.00cvss 7.5epss 0.03

    In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if…

  • CVE-2017-15692CriFeb 27, 2018
    risk 0.00cvss 9.8epss 0.05

    In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.

  • CVE-2018-1000046HigFeb 9, 2018
    risk 0.00cvss 7.8epss 0.02

    NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in…

  • CVE-2018-1000045HigFeb 9, 2018
    risk 0.00cvss 7.8epss 0.02

    NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data) that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been…

  • CVE-2018-1051HigJan 25, 2018
    risk 0.00cvss 8.1epss 0.01

    It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.

  • CVE-2014-1972Aug 22, 2015
    risk 0.00cvss epss 0.10

    Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.

  • CVE-2011-4104Oct 27, 2014
    risk 0.00cvss epss 0.02

    The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.

  • CVE-2014-0003Mar 21, 2014
    risk 0.00cvss epss 0.07

    The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.

  • CVE-2013-7075Dec 23, 2013
    risk 0.00cvss epss 0.01

    The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified…

  • CVE-2013-4271Oct 10, 2013
    risk 0.00cvss epss 0.03

    The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.

  • CVE-2013-1768Jul 11, 2013
    risk 0.00cvss epss 0.10

    The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute…

  • CVE-2011-4962Sep 17, 2012
    risk 0.00cvss epss 0.04

    code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.

  • CVE-2012-3527Sep 5, 2012
    risk 0.00cvss epss 0.02

    view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a…

  • CVE-2012-1605Sep 4, 2012
    risk 0.00cvss epss 0.02

    The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."

  • CVE-2011-2894Oct 4, 2011
    risk 0.00cvss epss 0.09

    Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1)…

  • CVE-2010-4574Dec 22, 2010
    risk 0.00cvss epss 0.02

    The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a…

  • CVE-2010-3258Sep 7, 2010
    risk 0.00cvss epss 0.01

    The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors.