|
276791
|
9.8 |
CRITICAL
Network
|
myscript
|
myscript
|
The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer t…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2015-2020
|
2024-11-21 11:26 |
2018-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276792
|
8.8 |
HIGH
Network
|
ibm
|
qradar_security_information_and_event_manager
|
Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack th…
|
CWE-352
Origin Validation Error
|
CVE-2015-2009
|
2024-11-21 11:26 |
2018-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276793
|
9.8 |
CRITICAL
Network
|
gracenote
|
gnsdk
|
The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attack…
|
CWE-118
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-2004
|
2024-11-21 11:26 |
2018-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276794
|
9.8 |
CRITICAL
Network
|
pjsip
|
pjsua2_sdk
|
The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-…
|
CWE-118
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-2003
|
2024-11-21 11:26 |
2018-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276795
|
9.8 |
CRITICAL
Network
|
esri
|
arcgisruntime_sdk
|
The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-cont…
|
CWE-118
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-2002
|
2024-11-21 11:26 |
2018-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276796
|
9.8 |
CRITICAL
Network
|
metaio
|
metaio_sdk
|
The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer…
|
CWE-118
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-2001
|
2024-11-21 11:26 |
2018-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276797
|
9.8 |
CRITICAL
Network
|
jumio
|
jumio_sdk
|
The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to…
|
CWE-118
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-2000
|
2024-11-21 11:26 |
2018-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276798
|
9.8 |
CRITICAL
Network
|
datto
|
alto_3_firmware
alto_2_firmware
alto_xl_firmware
siris_3_firmware
siris_2_firmware
siris_3_x_all-flash_firmware
siris_virtual_firmware
alto_imaged_firmware
|
Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts.
|
CWE-20
Improper Input Validation
|
CVE-2015-2081
|
2024-11-21 11:26 |
2018-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276799
|
7.0 |
HIGH
Local
|
abrt_project
|
abrt
|
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment.
|
CWE-362
Race Condition
|
CVE-2015-1862
|
2024-11-21 11:26 |
2018-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276800
|
7.5 |
HIGH
Network
|
edx
|
edx-platform
configuration
|
The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_AL…
|
CWE-20
Improper Input Validation
|
CVE-2015-2186
|
2024-11-21 11:26 |
2018-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
