Peles_O

Researcher fromAleph Research, HCL Software
#6013of 53,635
45Total CVSS
Vulnerabilities · 6
High
6
PT-2018-4354
7.5
2018-03-29
Jumio · Jumio Sdk · CVE-2015-2000
**Name of the Vulnerable Software and Affected Versions** Jumio SDK versions prior to 1.5.0 for Android **Description** The issue allows attackers to execute arbitrary code by leveraging a finalize method in a Serializable class. This is done by improperly passing an attacker-controlled pointer to a native function. **Recommendations** For versions prior to 1.5.0, update to version 1.5.0 or later to resolve the issue.
PT-2018-4355
7.5
2018-03-29
Meta · Metaio Sdk · CVE-2015-2001
**Name of the Vulnerable Software and Affected Versions** MetaIO SDK versions prior to 6.0.2.1 **Description** The issue allows attackers to execute arbitrary code by leveraging a finalize method in a Serializable class. This is due to the class improperly passing an attacker-controlled pointer to a native function. **Recommendations** For versions prior to 6.0.2.1, update to version 6.0.2.1 or later to resolve the issue.
PT-2018-4356
7.5
2018-03-29
Esri · Esri Arcgis Runtime Sdk · CVE-2015-2002
**Name of the Vulnerable Software and Affected Versions** ESRI ArcGis Runtime SDK versions prior to 10.2.6-2 for Android **Description** The issue allows attackers to execute arbitrary code by leveraging a finalize method in a Serializable class. This is due to the improper passing of an attacker-controlled pointer to a native function. **Recommendations** For versions prior to 10.2.6-2, update to version 10.2.6-2 or later to resolve the issue.
PT-2018-4357
7.5
2018-03-29
Pjsip · Pjsua2 Sdk · CVE-2015-2003
**Name of the Vulnerable Software and Affected Versions** PJSUA2 SDK versions prior to SVN Changeset 51322 for Android **Description** The issue allows attackers to execute arbitrary code by leveraging a finalize method in a Serializable class. This method improperly passes an attacker-controlled pointer to a native function, potentially leading to code execution. **Recommendations** For versions prior to SVN Changeset 51322, update to a version that includes the fix for this issue to prevent potential code execution attacks.
PT-2018-4358
7.5
2018-03-29
Gracenote · Gnsdk Sdk · CVE-2015-2004
**Name of the Vulnerable Software and Affected Versions** GraceNote GNSDK SDK versions prior to SVN Changeset 1.1.7 **Description** The issue allows attackers to execute arbitrary code by leveraging a finalize method in a Serializable class. This method improperly passes an attacker-controlled pointer to a native function. **Recommendations** For versions prior to SVN Changeset 1.1.7, update to a version that includes the fix for this issue.
PT-2018-4360
7.5
2018-03-29
Myscript · Myscript Sdk · CVE-2015-2020
**Name of the Vulnerable Software and Affected Versions** MyScript SDK versions prior to 1.3 for Android **Description** The issue allows attackers to execute arbitrary code by leveraging a finalize method in a Serializable class. This is due to the class improperly passing an attacker-controlled pointer to a native function. **Recommendations** For MyScript SDK versions prior to 1.3 for Android, update to version 1.3 or later to resolve the issue.