Vulnerabilities (CVE)

Filtered by CWE-502
Total 2885 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-2520 2 Fedoraproject, Redhat 2 Fedora, System-config-firewall 2026-06-16 6.0 MEDIUM 7.8 HIGH
fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object.
CVE-2010-4574 2 Google, Linux 3 Chrome, Chrome Os, Linux Kernel 2026-06-16 7.5 HIGH N/A
The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data.
CVE-2010-3258 1 Google 1 Chrome 2026-06-16 9.3 HIGH N/A
The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors.
CVE-2007-1701 1 Php 1 Php 2026-06-16 6.8 MEDIUM N/A
PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:".
CVE-2003-0791 2 Mozilla, Sco 2 Mozilla, Openserver 2026-06-16 7.5 HIGH 9.8 CRITICAL
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.