83 matches found
Jumio SDK for Android Arbitrary Code Execution Vulnerability
Jumio SDK for Android is a software development kit for building authentication applications using biometrics based on the Android platform. A security vulnerability exists in versions of Jumio SDK for Android prior to 1.5.0. The vulnerability can be exploited to execute arbitrary code via the...
CVE-2015-2020
The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...
CVE-2015-2002
The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...
CVE-2015-2004
The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...
Code injection
The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...
Code injection
The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...
CVE-2015-2000
The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...
Code injection
The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...
Code injection
The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...
Code injection
The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...
CVE-2015-2001
The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...
CVE-2015-2003
The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...
CVE-2015-2002
The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...
CVE-2015-2003
The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...
CVE-2015-2000
CVE-2015-2000 affects the Jumio SDK for Android prior to 1.5.0. The issue arises from a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function, allowing arbitrary code execution. Affected product: Jumio SDK for Android (pre-1.5.0). Impac...
CVE-2015-2004
The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...
CVE-2015-2003
Summary: CVE-2015-2003 affects the PJSIP PJSUA2 SDK for Android prior to SVN Changeset 51322. The underlying issue is in a Serializable class’s finalize method, which improperly passes an attacker-controlled pointer to a native function, enabling arbitrary code execution. Documents consistently d...
CVE-2015-2004
The GraceNote GNSDK SDK for Android is affected (before SVN Changeset 1.1.7). A root cause in the Serializable class’s finalize method improperly passes an attacker-controlled pointer to a native function, enabling arbitrary code execution on vulnerable versions. Affected product: GraceNote GNSDK...
Unsafe Deserialization
geode-core is vulnerable to unsafe deserialization. If a malicious user has DATA:WRITE access to a cluster, they may be able to trigger remote code execution RCE attacks. These attacks can occur because the server stores data in its serialized form and some cluster operations and API invocations...
Unsafe Deserialization
geode-core is vulnerable to the unsafe deserialization of Java Objects. TcpServer within the Geode locator has a network port which can be used for deserializing data. If an attacker gains access to the Geode locator, they can potentially execute code by deserializing Java Objects. In addition to...