Lucene search
K

83 matches found

CNVD
CNVD
added 2018/04/02 12:0 a.m.3 views

Jumio SDK for Android Arbitrary Code Execution Vulnerability

Jumio SDK for Android is a software development kit for building authentication applications using biometrics based on the Android platform. A security vulnerability exists in versions of Jumio SDK for Android prior to 1.5.0. The vulnerability can be exploited to execute arbitrary code via the...

9.8CVSS7.9AI score0.02052EPSS
Exploits0References1
NVD
NVD
added 2018/03/29 6:29 p.m.14 views

CVE-2015-2020

The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

9.8CVSS9.5AI score0.02835EPSS
Exploits1References2
NVD
NVD
added 2018/03/29 6:29 p.m.19 views

CVE-2015-2002

The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

9.8CVSS9.5AI score0.0234EPSS
Exploits0References2
NVD
NVD
added 2018/03/29 6:29 p.m.16 views

CVE-2015-2004

The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

9.8CVSS9.5AI score0.02052EPSS
Exploits0References2
Prion
Prion
added 2018/03/29 6:29 p.m.14 views

Code injection

The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

7.5CVSS8.1AI score0.0234EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/03/29 6:29 p.m.12 views

Code injection

The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

7.5CVSS8.1AI score0.02052EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/03/29 6:29 p.m.15 views

CVE-2015-2000

The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

9.8CVSS9.5AI score0.02052EPSS
Exploits0References2
Prion
Prion
added 2018/03/29 6:29 p.m.14 views

Code injection

The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

7.5CVSS8.1AI score0.02835EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2018/03/29 6:29 p.m.18 views

Code injection

The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

7.5CVSS8.1AI score0.02052EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/03/29 6:29 p.m.12 views

Code injection

The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

7.5CVSS8.1AI score0.02052EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/03/29 6:29 p.m.21 views

CVE-2015-2001

The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

9.8CVSS9.5AI score0.02052EPSS
Exploits0References2
NVD
NVD
added 2018/03/29 6:29 p.m.15 views

CVE-2015-2003

The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

9.8CVSS9.5AI score0.02052EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/03/29 6:0 p.m.19 views

CVE-2015-2002

The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

9.6AI score0.0234EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/03/29 6:0 p.m.18 views

CVE-2015-2003

The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

9.6AI score0.02052EPSS
Exploits0References2
CVE
CVE
added 2018/03/29 6:0 p.m.45 views

CVE-2015-2000

CVE-2015-2000 affects the Jumio SDK for Android prior to 1.5.0. The issue arises from a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function, allowing arbitrary code execution. Affected product: Jumio SDK for Android (pre-1.5.0). Impac...

9.8CVSS9.4AI score0.02052EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/03/29 6:0 p.m.15 views

CVE-2015-2004

The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

9.6AI score0.02052EPSS
Exploits0References2
CVE
CVE
added 2018/03/29 6:0 p.m.39 views

CVE-2015-2003

Summary: CVE-2015-2003 affects the PJSIP PJSUA2 SDK for Android prior to SVN Changeset 51322. The underlying issue is in a Serializable class’s finalize method, which improperly passes an attacker-controlled pointer to a native function, enabling arbitrary code execution. Documents consistently d...

9.8CVSS9.4AI score0.02052EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/03/29 6:0 p.m.38 views

CVE-2015-2004

The GraceNote GNSDK SDK for Android is affected (before SVN Changeset 1.1.7). A root cause in the Serializable class’s finalize method improperly passes an attacker-controlled pointer to a native function, enabling arbitrary code execution on vulnerable versions. Affected product: GraceNote GNSDK...

9.8CVSS9.4AI score0.02052EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2018/02/28 2:1 a.m.21 views

Unsafe Deserialization

geode-core is vulnerable to unsafe deserialization. If a malicious user has DATA:WRITE access to a cluster, they may be able to trigger remote code execution RCE attacks. These attacks can occur because the server stores data in its serialized form and some cluster operations and API invocations...

7.5CVSS7.8AI score0.02609EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2018/02/27 11:32 p.m.20 views

Unsafe Deserialization

geode-core is vulnerable to the unsafe deserialization of Java Objects. TcpServer within the Geode locator has a network port which can be used for deserializing data. If an attacker gains access to the Geode locator, they can potentially execute code by deserializing Java Objects. In addition to...

9.8CVSS9.4AI score0.05051EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder