
CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class 1676

1676 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-21426 | Fixes a bug in Zend Framework's Stream HTTP Wrapper — magento-lts | 9.8 | Critical | 2021-04-21 |
| CVE-2021-3035 | Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution — Bridgecrew Checkov | 6.7 | Medium | 2021-04-20 |
| CVE-2021-21524 | Dell EMC Storage Resource Manager code issue vulnerability — Dell EMC Storage Monitoring and Reporting | 9.8 | - | 2021-04-12 |
| CVE-2021-24217 | Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain — Facebook for WordPress | 8.1 | - | 2021-04-12 |
| CVE-2021-1415 | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities — Cisco Small Business RV Series Router Firmware | 6.3 | Medium | 2021-04-08 |
| CVE-2021-1414 | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities — Cisco Small Business RV Series Router Firmware | 6.3 | Medium | 2021-04-08 |
| CVE-2021-1413 | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities — Cisco Small Business RV Series Router Firmware | 6.3 | Medium | 2021-04-08 |
| CVE-2021-27240 | SolarWinds Patch Manager code issue vulnerability — Patch Manager | 7.8 | - | 2021-03-29 |
| CVE-2021-21349 | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host — xstream | 6.1 | Medium | 2021-03-22 |
| CVE-2021-21342 | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host — xstream | 5.3 | Medium | 2021-03-22 |
| CVE-2021-21371 | Execution of untrusted code through config file — integration-jira-cloud | 5.0 | Medium | 2021-03-10 |
| CVE-2021-22855 | Soar Cloud System Co., Ltd. HR Portal - Arbitrary Code Execution — HR Portal | 9.8 | Critical | 2021-02-17 |
| CVE-2020-27868 | Qognify Ocularis code issue vulnerability — Ocularis | 9.8 | - | 2021-02-11 |
| CVE-2020-12525 | WAGO/M&M Software Deserialization of untrusted data in fdtCONTAINER component — fdtCONTAINER Component | 7.3 | High | 2021-01-22 |
| CVE-2021-20190 | FasterXML jackson-databind code issue vulnerability — jackson-databind | 8.1 | - | 2021-01-19 |
| CVE-2020-11995 | Apache Dubbo default deserialization protocol Hessian2 cause CRE — Apache Dubbo | 9.8 | - | 2021-01-11 |
| CVE-2020-17531 | Deserialization flaw in EOL Tapestry 4. — Apache Tapestry | 9.8 | - | 2020-12-08 |
| CVE-2020-26207 | Unsafe deserialization in DatabaseSchemaViewer — dbschemareader | 8.0 | High | 2020-11-04 |
| CVE-2020-10721 | fabric8-maven-plugin code issue vulnerability — fabric8-maven-plugin | 7.8 | - | 2020-10-22 |
| CVE-2020-15244 | RCE in Magento — magento-lts | 8.0 | High | 2020-10-21 |
| CVE-2020-26867 | ARC Informatique PcVue Deserialization of Untrusted Data — PcVue | 9.8 | Critical | 2020-10-12 |
| CVE-2020-7811 | Samsung Update Local Privilege Escalation Vulnerability — Samsung Update | 6.2 | Medium | 2020-10-12 |
| CVE-2020-15188 | Unauthenticated Remote Code Execution in SOY CMS — soycms | 10.0 | Critical | 2020-09-18 |
| CVE-2020-7532 | Schneider SCADAPack code issue vulnerability — SCADAPack x70 Security Administrator V1.2.0 and prior. | 7.8 | - | 2020-09-16 |
| CVE-2020-7528 | SCADAPack Remote Connect code issue vulnerability — SCADAPack 7x Remote Connect V3.6.3.574 and prior. | 7.8 | - | 2020-09-16 |
| CVE-2020-15172 | Remote Code Execution in Act module — FluffyCogs | 8.7 | High | 2020-09-15 |
| CVE-2020-15148 | Unsafe deserialization in Yii 2 — yii2 | 8.9 | High | 2020-09-15 |
| CVE-2020-17405 | Senstar Symphony code execution vulnerability — Symphony | 8.8 | - | 2020-09-01 |
| CVE-2020-5413 | Kryo Configuration Allows Code Execution with Unknown "Serialization Gadgets" — Spring Integration | 9.8 | - | 2020-07-31 |
| CVE-2019-11286 | JMX Credential Deserialization in GemFire — VMware GemFire | 9.1 | - | 2020-07-31 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) represent 1676 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.