Lucene search
K

17 matches found

OSV
OSV
added 2026/06/19 8:47 p.m.5 views

GHSA-X845-2F78-7V36 Blocky DNSSEC validation bypass and validation-cache scope pollution

Summary Blocky accepts and caches forged DNS answers while dnssec.validate: true is enabled. The issue has two related exploit paths: 1. Basic DNSSEC validation bypass. If an untrusted upstream returns an unsigned positive answer for a DNSSEC-signed public domain, Blocky classifies the response a...

8.6CVSS5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:54 a.m.7 views

CVE-2024-42012

GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate...

5.7CVSS6.9AI score0.00142EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:8 a.m.5 views

CVE-2024-42013

In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of...

6.4CVSS7.3AI score0.0016EPSS
Exploits0References1
NVD
NVD
added 2025/01/22 4:15 p.m.18 views

CVE-2024-42013

In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of...

6.4CVSS0.0016EPSS
Exploits0References2
NVD
NVD
added 2025/01/22 4:15 p.m.18 views

CVE-2024-42012

GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate...

5.7CVSS0.00142EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/22 12:0 a.m.9 views

CVE-2024-42012

GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate...

6.9AI score0.00142EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/22 12:0 a.m.4 views

GRAU DATA Blocky 安全漏洞

GRAU DATA Blocky is a ransomware protection software from GRAU DATA, Germany. A security vulnerability exists in GRAU DATA Blocky versions prior to 3.1, which stems from a client-side enforcement of server-side security vulnerability in Blocky-Gui that allows an attacker to gain full access to al...

6.4CVSS6.8AI score0.0016EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/22 12:0 a.m.4 views

GRAU DATA Blocky 安全漏洞

GRAU DATA Blocky is a ransomware protection software from GRAU DATA, Germany. A security vulnerability exists in GRAU DATA Blocky versions prior to 3.1 that stems from storing passwords in an encrypted manner, allowing an attacker to steal a user's Blocky password and impersonate a local user...

5.7CVSS6.6AI score0.00142EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/22 12:0 a.m.11 views

CVE-2024-42013

In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of...

0.0016EPSS
Exploits0References2
CVE
CVE
added 2025/01/22 12:0 a.m.52 views

CVE-2024-42013

CVE-2024-42013 affects GRAU DATA Blocky/Blocky-Gui prior to 3.1. The issue is described as a Client-Side Enforcement of Server-Side Security vulnerability that allows an attacker with Windows administrative/debugging privileges to patch a binary in memory or on disk to bypass the password login a...

6.4CVSS7.3AI score0.0016EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/22 12:0 a.m.4 views

PT-2025-2617 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: GRAU DATA Blocky versions prior to 3.1 Description: The issue is related to a Client-Side Enforcement of Server-Side Security vulnerability in Blocky-Gui. An attacker with Windows administrative or debugging privileges can patch a binary in...

6.4CVSS7.5AI score0.0016EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/01/22 12:0 a.m.6 views

CVE-2024-42013

In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of...

7.3AI score0.0016EPSS
Exploits0References2
CVE
CVE
added 2025/01/22 12:0 a.m.56 views

CVE-2024-42012

The CVE relates to GRAU DATA Blocky before 3.1, a ransomware-protection product. The issue is that passwords are stored encrypted rather than hashed, and at login the entered password is compared to the decrypted cleartext password. An attacker with Windows admin or debugging rights can exfiltrat...

5.7CVSS7AI score0.00142EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/22 12:0 a.m.13 views

CVE-2024-42012

GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate...

0.00142EPSS
Exploits0References2
hackapp
hackapp
added 2016/04/01 10:1 a.m.8 views

Blocky Roads - Base64 encoded String, Customized SSL, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Blocky Roads published at the 'play' market has multiple vulnerabilities...

0.7AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:45 a.m.8 views

Blocky Cars: Traffic Rush - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Blocky Cars: Traffic Rush published at the 'play' market has multiple vulnerabilities...

1.9AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:41 a.m.16 views

Blocky Cop Craft Running Thief - Customized SSL, WebView SSL handling enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Blocky Cop Craft Running Thief published at the 'play' market has multiple vulnerabilities...

1AI score
Exploits0References1Affected Software1
Rows per page
Query Builder