49 matches found
CVE-2016-3840
Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153...
Design/Logic Flaw
Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153...
UBUNTU-CVE-2016-3840
Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153...
CVE-2016-3840
Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153...
CVE-2016-3840
CVE-2016-3840 affects Conscrypt in Android: versions 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, and 6.x up to 2016-08-05 fail to properly identify session reuse, enabling remote arbitrary code execution via unspecified vectors. The NVD entry mirrors this description with a high/critic...
CVE-2016-3840
Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153...
The vulnerability of the Android operating system, which allows a hacker to replace the authentication message
The vulnerability of the OpenSSL Cipher.java function in the Conscrypt component of the Android operating system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to substitute the authentication message remotely...
The vulnerability of the Android operating system, which allows a hacker to replace the authentication message
The vulnerability of the OpenSSL Cipher.java function in the Conscrypt component of the Android operating system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to substitute the authentication message remotely...
CVE-2016-2462
OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data AAD array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173...
CVE-2016-2461
OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data AAD array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681...
CVE-2016-2461
OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data AAD array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681...
Design/Logic Flaw
OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data AAD array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173...
Design/Logic Flaw
OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data AAD array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681...
CVE-2016-2461
OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data AAD array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681...
CVE-2016-2462
OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data AAD array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173...
CVE-2016-2462
Summary (CVE-2016-2462) : In Android 6.x, the Conscrypt/OpenSSL binding (OpenSSLCipher.java) mishandled updates to the AAD array, enabling possible spoofing of message authentication via unspecified vectors (internal bug 27371173). This is a local/authenticated context issue due to the cipher sta...
CVE-2016-2461
CVE-2016-2461 affects OpenSSLCipher.java in Conscrypt on Android 6.x. The issue arises from mishandling resets of the AAD array, allowing a local attacker to spoof message authentication via unspecified vectors (internal bugs 27324690, 27696681). The vulnerability is tied to Conscrypt in the Andr...
Android Conscrypt Elevation of Privilege Vulnerability
Android is a Linux-based open-source operating system developed by Google and the Open Handheld Alliance OHA, of which Concrypt is a component that uses OpenSSL to provide Java security. An elevation of privilege vulnerability exists in Conscrypt in versions prior to Android 6.x, 2016-05-01. A...
Android Conscrypt elevation of privilege vulnerability (CNVD-2016-02859)
Android is a Linux-based open-source operating system developed by Google and the Open Handheld Alliance OHA, of which Concrypt is a component that uses OpenSSL to provide Java security. An elevation of privilege vulnerability exists in Conscrypt in versions prior to Android 6.x on 2016-05-01. A...
The vulnerability of the Android operating system allows a hacker to replace the server
The vulnerability of the caching function in the TrustManagerImpl class TrustManagerImpl.java of the Conscrypt component in the Android operating system is related to security configuration errors. Exploiting this vulnerability could allow a malicious actor to replace servers by accessing...