Lucene search
K

4276 matches found

Cvelist
Cvelist
added 2024/11/20 5:25 p.m.14 views

CVE-2018-9474

In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.0009EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/20 5:25 p.m.6 views

CVE-2018-9474

In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.2AI score0.0009EPSS
Exploits0References1
NVD
NVD
added 2024/11/20 2:15 p.m.8 views

CVE-2024-10913

The Clone plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.6 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain i...

8.8CVSS0.0064EPSS
Exploits0References3
OSV
OSV
added 2024/11/15 10:15 p.m.3 views

CVE-2017-13311

In the read function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interactio...

6.7CVSS5.9AI score0.00073EPSS
Exploits0References1
NVD
NVD
added 2024/11/15 10:15 p.m.17 views

CVE-2017-13310

In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is...

7.8CVSS0.00074EPSS
Exploits0References1
OSV
OSV
added 2024/11/15 10:15 p.m.5 views

CVE-2017-13310

In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is...

7.8CVSS5.9AI score0.00074EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/15 9:46 p.m.18 views

CVE-2017-13311

In the read function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interactio...

0.00073EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/15 9:36 p.m.18 views

CVE-2017-13310

In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is...

0.00074EPSS
Exploits0References1
OSV
OSV
added 2024/11/15 12:19 p.m.4 views

OESA-2024-2400 xstream security update

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

7.5CVSS6.9AI score0.02015EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.5 views

PT-2024-10583 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a read/write serialization problem in the read function of ProcessStats.java, which can lead to a permissions bypass. This could result in local escalation of...

7.8CVSS7.7AI score0.00073EPSS
Exploits0References4
OSV
OSV
added 2024/11/14 4:53 p.m.4 views

CLSA-2024-1731603213 Fix of 76 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-44946 - kcm: Serialise kcmsendmsg for the same socket. CVE-url: https://ubuntu.com/security/CVE-2024-42292 - kobjectuevent: Fix OOB access within zapmodaliasenv CVE-url: https://ubuntu.com/security/CVE-2024-41042 - netfilter: nftables: prefer...

9.1CVSS7AI score0.01367EPSS
Exploits2References1
OSV
OSV
added 2024/11/11 1:4 a.m.6 views

USN-7098-1 openjdk-17 vulnerabilities

Andy Boothe discovered that the Networking component of OpenJDK 17 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. CVE-2024-21208 It was discovered that the Hotspot component of OpenJDK 17 did not...

7.4CVSS7.5AI score0.01257EPSS
Exploits0References10
OSV
OSV
added 2024/11/11 1:2 a.m.2 views

USN-7097-1 openjdk-lts vulnerabilities

Andy Boothe discovered that the Networking component of OpenJDK 11 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. CVE-2024-21208 It was discovered that the Hotspot component of OpenJDK 11 did not...

7.4CVSS7.5AI score0.01257EPSS
Exploits0References11
OSV
OSV
added 2024/11/11 1:0 a.m.7 views

USN-7096-1 openjdk-8 vulnerabilities

Andy Boothe discovered that the Networking component of OpenJDK 8 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. CVE-2024-21208 It was discovered that the Hotspot component of OpenJDK 8 did not...

7.4CVSS7.6AI score0.01361EPSS
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2024/11/11 12:0 a.m.15 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : OpenJDK 8 vulnerabilities (USN-7096-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7096-1 advisory. Andy Boothe discovered that the Networking component of OpenJDK 8 did not properly handle access...

7.4CVSS7.8AI score0.01361EPSS
Exploits0References21
OSV
OSV
added 2024/11/10 11:54 p.m.7 views

USN-7099-1 openjdk-21 vulnerabilities

Andy Boothe discovered that the Networking component of OpenJDK 21 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. CVE-2024-21208 It was discovered that the Hotspot component of OpenJDK 21 did not...

4.8CVSS6.7AI score0.01157EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2024/11/08 10:29 p.m.22 views

CVE-2024-47072

A flaw was found in the XStream library. A remote attacker may trigger a denial of service by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. This issue may lead to the termination of the application. Mitigation Mitigation for this issue is either...

7.5CVSS6.8AI score0.02015EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/11/07 11:38 p.m.33 views

CVE-2024-47072 XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...

7.5CVSS7.7AI score0.02015EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2024/11/07 11:38 p.m.16 views

CVE-2024-47072

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...

7.5CVSS6.1AI score0.02015EPSS
Exploits0
OSV
OSV
added 2024/11/05 6:15 p.m.7 views

AZL-52590 CVE-2024-50102 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue It turns out that AMD has a "Meltdown Litetm" issue with non-canonical accesses in kernel space. And so using just the high bit to decide whether an access is in user...

5.5CVSS6AI score0.00239EPSS
Exploits0References1
Rows per page
Query Builder