CWE-502
Deserialization of Untrusted Data
Description
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-586
CVEs mapped to this weakness (1,721)
page 86 of 87| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-18628 | — | 0.00 | — | 0.05 | Oct 23, 2018 | An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the object types. An attacker can create a malicious object, base64 encode it, and place it… | ||
| CVE-2018-18240 | — | 0.00 | — | 0.04 | Oct 11, 2018 | Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling. | ||
| CVE-2018-7889 | Hig | 0.00 | 7.8 | 0.05 | Mar 8, 2018 | gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. | ||
| CVE-2017-15693 | — | Hig | 0.00 | 7.5 | 0.03 | Feb 27, 2018 | In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if… | |
| CVE-2017-15692 | — | Cri | 0.00 | 9.8 | 0.05 | Feb 27, 2018 | In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath. | |
| CVE-2018-1000046 | Hig | 0.00 | 7.8 | 0.02 | Feb 9, 2018 | NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in… | ||
| CVE-2018-1000045 | Hig | 0.00 | 7.8 | 0.02 | Feb 9, 2018 | NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data) that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been… | ||
| CVE-2018-1051 | Hig | 0.00 | 8.1 | 0.01 | Jan 25, 2018 | It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider. | ||
| CVE-2014-1972 | 0.00 | — | 0.10 | Aug 22, 2015 | Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data. | |||
| CVE-2011-4104 | 0.00 | — | 0.02 | Oct 27, 2014 | The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method. | |||
| CVE-2014-0003 | 0.00 | — | 0.07 | Mar 21, 2014 | The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message. | |||
| CVE-2013-7075 | 0.00 | — | 0.01 | Dec 23, 2013 | The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified… | |||
| CVE-2013-4271 | 0.00 | — | 0.03 | Oct 10, 2013 | The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221. | |||
| CVE-2013-1768 | 0.00 | — | 0.10 | Jul 11, 2013 | The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute… | |||
| CVE-2011-4962 | 0.00 | — | 0.04 | Sep 17, 2012 | code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized. | |||
| CVE-2012-3527 | 0.00 | — | 0.02 | Sep 5, 2012 | view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a… | |||
| CVE-2012-1605 | 0.00 | — | 0.02 | Sep 4, 2012 | The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument." | |||
| CVE-2011-2894 | 0.00 | — | 0.09 | Oct 4, 2011 | Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1)… | |||
| CVE-2010-4574 | 0.00 | — | 0.02 | Dec 22, 2010 | The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a… | |||
| CVE-2010-3258 | 0.00 | — | 0.01 | Sep 7, 2010 | The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors. |
- CVE-2018-18628Oct 23, 2018risk 0.00cvss —epss 0.05
An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the object types. An attacker can create a malicious object, base64 encode it, and place it…
- CVE-2018-18240Oct 11, 2018risk 0.00cvss —epss 0.04
Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling.
- risk 0.00cvss 7.8epss 0.05
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
- risk 0.00cvss 7.5epss 0.03
In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if…
- risk 0.00cvss 9.8epss 0.05
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.
- risk 0.00cvss 7.8epss 0.02
NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in…
- risk 0.00cvss 7.8epss 0.02
NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data) that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been…
- risk 0.00cvss 8.1epss 0.01
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.
- CVE-2014-1972Aug 22, 2015risk 0.00cvss —epss 0.10
Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.
- CVE-2011-4104Oct 27, 2014risk 0.00cvss —epss 0.02
The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
- CVE-2014-0003Mar 21, 2014risk 0.00cvss —epss 0.07
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.
- CVE-2013-7075Dec 23, 2013risk 0.00cvss —epss 0.01
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified…
- CVE-2013-4271Oct 10, 2013risk 0.00cvss —epss 0.03
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.
- CVE-2013-1768Jul 11, 2013risk 0.00cvss —epss 0.10
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute…
- CVE-2011-4962Sep 17, 2012risk 0.00cvss —epss 0.04
code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
- CVE-2012-3527Sep 5, 2012risk 0.00cvss —epss 0.02
view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a…
- CVE-2012-1605Sep 4, 2012risk 0.00cvss —epss 0.02
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
- CVE-2011-2894Oct 4, 2011risk 0.00cvss —epss 0.09
Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1)…
- CVE-2010-4574Dec 22, 2010risk 0.00cvss —epss 0.02
The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a…
- CVE-2010-3258Sep 7, 2010risk 0.00cvss —epss 0.01
The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors.