CVE-2018-18013
Xen Mobile prior to 10.8.0 contains a service listening on port 5001 that accepts unauthenticated input; deserializing raw Java objects in memory can lead to remote code execution. The vendor disputes the vulnerability, stating it is mitigated by an internal firewall limiting access to localhost....