1536 matches found
CVE-2022-20195
CVE-2022-20195 concerns the Android keystore library with an insecure deserialization flaw that can cause local denial of service. The description across sources notes the issue allows DoS with user interaction and affects Android 12L; exploitation requires user interaction while the Pixel bullet...
PT-2022-14457
Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds write due to an incorrect bounds check in the param_find_digests_internal and related functions of the Titan-M source. This could lead to local escalation of privilege...
Google Android Denial of Service Vulnerability (CNVD-2022-61755)
Google Android is a Linux-based open source operating system from Google, a US-based company. The vulnerability is caused by an insecure deserialization flaw in the keystore library. An attacker could exploit the vulnerability to cause a denial of service situation...
Google Android Code Issue Vulnerability
Google Android is a Linux-based open source operating system from Google, a US-based company. The vulnerability is caused by an insecure deserialization flaw in the keystore library. An attacker could exploit the vulnerability to cause a denial of service situation...
PUB-A-213172664
In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation...
GHSA-CGHG-JCV6-4V5M Jenkins Coverity Plugin has Insufficiently Protected Credentials
A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured keystore and priva...
GHSA-8477-3V39-GGPM Improper Validation of Integrity Check Value in Bouncy Castle
The default BKS keystore uses an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160-bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...
Improper Validation of Integrity Check Value in Bouncy Castle
The default BKS keystore uses an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160-bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...
CVE-2022-22946
In Spring Cloud Gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates...
Samsung Encryption Flaw
Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Android's Hardware-Backed Keystore in Samsung's Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered an...
The vulnerability of the software-hardware system for storing protected information in Android Keystore on Samsung Galaxy devices allows a perpetrator to bypass security measures and extract private keys from the secure environment.
The vulnerability of the software-hardware system for storing protected information in Samsung Galaxy devices’ Android Keystores is related to insufficient validation of entered data. Exploiting this vulnerability can allow attackers to bypass security measures and extract private keys from the...
PT-2022-2172 · Spring · Spring Cloud Gateway
Name of the Vulnerable Software and Affected Versions: Spring Cloud Gateway versions prior to 3.1.1+ Description: The issue is related to the implementation of the TrustManager technology for authentication in the Spring Cloud Gateway library, which is used for creating API gateways. It is...
100 Million Samsung Galaxy Phones Affected with Flawed Hardware Encryption Feature
A group of academics from Tel Aviv University have disclosed details of now-patched "severe" design flaws affecting about 100 million Android-based Samsung smartphones that could have resulted in the extraction of secret cryptographic keys. The shortcomings are the result of an analysis of the...
OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Keytool. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...
SUSE-SU-2022:0108-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 7 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. bsc1194198, bsc1192052 - CVE-2021-3558...
MGASA-2021-0542 Updated java openjdk packages fix security vulnerability
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: Loop in HttpsServer triggered during TLS session close JSSE, 8254967 CVE-2021-35565 OpenJDK: Incorrect principal selection when using Kerberos...
Security update for java-1_8_0-openjdk (important)
openSUSE Security Update: Security update for java-1_8_0-openjdk Announcement ID: openSUSE-SU-2021:1500-1 Rating: important References: 1191901 1191903 1191904 1191905 1191906 1191909 1191910 1191911 1191912 1191913 1191914 Cross-References: CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-355...
SUSE-SU-2021:3770-1 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk fixes the following issues: Update to version OpenJDK 8u312 October 2021 CPU: - CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS bsc1191901. - CVE-2021-35556: Fixed excessive memory allocation in RTFParser bsc1191910. - CVE-2021-35559: Fixed...