
7 matches found

myhack58
added 2015/11/10 12:0 a.m., 49 views

OpenSSLX509Certificate deserialization vulnerability (CVE-2015-3825) cause analysis - vulnerability warning - the black bar safety net

Serialization is the process of converting an object's state information into a form that can be stored or transmitted. During serialization, the object writes its current state to a temporary or persistent storage area. The user can pass from the storage area t...

1 AI score
Exploits 0
seebug.org
added 2015/11/10 12:0 a.m., 68 views

OpenSSLX509Certificate deserialization vulnerability

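Author: 没羽@阿里移动安全 (Alibaba Mobile Security) Source: http://drops.wooyun.org/papers/10235 Preface ---- Serialization is the process of converting an object's state information into a form that can be stored or transmitted. During serialization, the object writes its current state to a temporary or persistent storage area. The user can re-create the object by reading or deserializing the object's state from the storage area....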

7.2 CVSS, 6.9 AI score, 0.8219 EPSS
Exploits 6
NVD
added 2015/10/01 12:59 a.m., 21 views

CVE-2015-3837

The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka...

9.3 CVSS, 7.3 AI score, 0.01073 EPSS
Exploits 0, References 2
Prion
added 2015/10/01 12:59 a.m., 14 views

Deserialization of untrusted data

The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka...

9.3 CVSS, 7.9 AI score, 0.01073 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2015/10/01 12:0 a.m., 16 views

CVE-2015-3837

The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka...

7.2 AI score, 0.01073 EPSS
Exploits 0, References 2
CVE
added 2015/10/01 12:0 a.m., 68 views

CVE-2015-3837

CVE-2015-3837 affects Android’s OpenSSLX509Certificate class (org/conscrypt/OpenSSLX509Certificate.java) in builds prior to 5.1.1 LMY48I. The root cause is improper inclusion of certain context data during serialization and deserialization, enabling a malicious local application to trigger code e...

9.3 CVSS, 7.5 AI score, 0.01073 EPSS
Exploits 0, References 2, Affected Software 1
ThreatPost
added 2015/08/11 12:33 p.m., 23 views

Android 'Serialization' Vulnerability Affects 55 Percent of Devices

Google has patched a severe Android vulnerability that researchers at IBM said impacts more than 55 percent of devices. As with most Android vulnerabilities, users are reliant on handset makers and carriers to push patches downstream to devices, something they’ve not always been diligent about. I...

Exploits 1, References 5