Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yakov shafranovich vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-46674
An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue.
Elastic Elasticsearch
5.4
CVSSv2
CVE-2016-6723
A denial of service vulnerability in Proxy Auto Config in Android 4.x prior to 4.4.4, 5.0.x prior to 5.0.2, 5.1.x prior to 5.1.1, 6.x prior to 2016-11-01, and 7.0 prior to 2016-11-01 could enable a remote malicious user to use a specially crafted file to cause a device hang or re...
Google Android 7.0
Google Android
5
CVSSv2
CVE-2017-13243
A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991.
Google Android 7.1.2
Google Android 6.0.1
Google Android 6.0
Google Android 7.0
Google Android 8.0
Google Android 5.1.1
Google Android 7.1.1
5
CVSSv2
CVE-2017-5892
ASUS RT-AC* and RT-N* devices with firmware prior to 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map.
Asus Rt-ac1750 Firmware 3.0.0.4.380.7266
6.8
CVSSv2
CVE-2017-5891
ASUS RT-AC* and RT-N* devices with firmware prior to 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF.
Asus Rt-ac1750 Firmware 3.0.0.4.380.7266
1 Article
5
CVSSv2
CVE-2017-15882
The London Trust Media Private Internet Access (PIA) application prior to 1.3.3.1 for Android allows remote malicious users to cause a denial of service (application crash) via a large VPN server-list file.
Londontrustmedia Private Internet Access
5.8
CVSSv2
CVE-2019-7399
Amazon Fire OS prior to 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages.
Amazon Fire Os
5
CVSSv2
CVE-2018-9489
When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitatio...
Google Android 7.1.2
Google Android 7.0
Google Android 8.0
Google Android 7.1.1
Google Android 8.1
Google Android 9.0
1 Article
2.1
CVSSv2
CVE-2018-9581
In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSI_CHANGE and android.net.wifi.STATE_CHANGE intents. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploita...
Google Android 10.0
5
CVSSv2
CVE-2018-15835
Android 1.0 up to and including 9.0 has Insecure Permissions. The Android bug ID is 77286983.
Google Android
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »