Lucene search
+L

171 matches found

Positive Technologies
Positive Technologies
added 2025/06/13 12:0 a.m.9 views

PT-2025-25421 · Unknown · Cyclone Matrix Trf Smart Keyless Entry System

Name of the Vulnerable Software and Affected Versions: Cyclone Matrix TRF Smart Keyless Entry System versions affected versions not specified Description: The issue concerns the use of fixed learning codes in the Key Fob Transmitter, which allows a replay attack. Research was completed on the 202...

9.4CVSS6AI score0.00201EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2025/06/13 12:0 a.m.4 views

PT-2025-25420 · Unknown · Kia-Branded Aftermarket Generic Smart Keyless Entry System

Name of the Vulnerable Software and Affected Versions: KIA-branded Aftermarket Generic Smart Keyless Entry System versions 2022 through 2025 Description: The issue is related to the use of fixed learning codes in the Key Fob Transmitter, which allows a replay attack. This affects KIA vehicles in...

9.4CVSS9.1AI score0.00642EPSS
Exploits0References21
CNNVD
CNNVD
added 2025/06/13 12:0 a.m.3 views

KIA Aftermarket Generic Smart Keyless Entry System 安全漏洞

KIA Aftermarket Generic Smart Keyless Entry System is an automotive smart door locking system from KIA, a South Korean company. A security vulnerability exists in the KIA Aftermarket Generic Smart Keyless Entry System that stems from the use of fixed learning code, which could lead to replay...

9.4CVSS6.7AI score0.00642EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 8:11 a.m.7 views

CVE-2024-54140

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify. Currently...

2.1CVSS6.3AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:9 a.m.9 views

CVE-2023-50128

The remote keyless system of the Hozard alarm system alarmsystemen v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state...

5.3CVSS7AI score0.00225EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:30 a.m.10 views

CVE-2023-26943

Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original...

6.5CVSS6.6AI score0.0018EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:2 a.m.8 views

CVE-2022-37305

The Remote Keyless Entry RKE receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. The attacker retains the ability to unloc...

6.4CVSS7.1AI score0.00895EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:12 p.m.7 views

CVE-2022-36945

The Remote Keyless Entry RKE receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals over the radio, aka a RollBack attack. The attacker retains the ability to...

6.4CVSS7.1AI score0.00895EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2025/05/05 12:0 a.m.10 views

SoK: Stealing Cars since Remote Keyless Entry Introduction and How to Defend from It

Remote Keyless Entry RKE systems have been the target of thieves since their introduction in automotive industry. Robberies targeting vehicles and their remote entry systems are booming again without a significant advancement from the industrial sector being able to protect against them...

7.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/26 5:25 p.m.7 views

CVE-2025-29778

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were...

8CVSS7.1AI score0.00317EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2025/03/25 4:0 p.m.6 views

SUSE CVE-2025-29778

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were...

5.8CVSS6.9AI score0.00317EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/03/24 4:38 p.m.44 views

CVE-2025-29778 Kyverno ignores subjectRegExp and IssuerRegExp

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were...

5.8CVSS0.00317EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/03/24 4:38 p.m.8 views

CVE-2025-29778 Kyverno ignores subjectRegExp and IssuerRegExp

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were...

5.8CVSS7.1AI score0.00317EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/03/24 12:0 a.m.4 views

Kyverno 授权问题漏洞

Kyverno is a policy engine designed for Kubernetes that is open sourced by Kyverno. An authorization issue vulnerability exists in versions prior to Kyverno 1.14.0-alpha.1 that stems from ignoring subjectRegExp and IssuerRegExp when verifying artifact signatures in keyless mode, which could lead ...

8CVSS5.2AI score0.00317EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/03/24 12:0 a.m.15 views

PT-2025-12664 · Kyverno · Kyverno

Name of the Vulnerable Software and Affected Versions: Kyverno versions prior to 1.14.0-alpha.1 Description: Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores the subjectRegExp and issuerRegExp fields when verifying...

9.8CVSS7.1AI score0.99098EPSS
Exploits23References48
Vulnrichment
Vulnrichment
added 2024/12/05 10:8 p.m.12 views

CVE-2024-54140 sigstore-java has a vulnerability with bundle verification

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify. Currently...

2.1CVSS7AI score0.00209EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/05 12:0 a.m.5 views

PT-2024-36069 · Unknown · Sigstore-Java

Name of the Vulnerable Software and Affected Versions: sigstore-java versions prior to 1.2.0 Description: The issue is related to insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. This affects clients using any variation of...

2.1CVSS7AI score0.00209EPSS
Exploits0References10
OSV
OSV
added 2024/11/26 6:41 p.m.15 views

CVE-2024-53267 Vulnerability with bundle verification in sigstore-java

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a validly-signed but "mismatched" bundle is presented as proof of inclusion into a transparency log. This bug impacts clients using any variation...

5.5CVSS6.8AI score0.00097EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.8 views

PT-2024-35702 · Unknown · Sigstore-Java

Name of the Vulnerable Software and Affected Versions: sigstore-java versions prior to v1.1.0 Description: The issue is related to insufficient verification in sigstore-java for a situation where a validly-signed but "mismatched" bundle is presented as proof of inclusion into a transparency log...

5.5CVSS7.1AI score0.00097EPSS
Exploits0References7
Wired Threat Level
Wired Threat Level
added 2024/05/22 2:0 p.m.12 views

Teslas Can Still Be Stolen With a Cheap Radio Hack—Despite New Keyless Tech

Ultra-wideband radio has been heralded as the solution for “relay attacks” that are used to steal cars in seconds. But researchers found Teslas equipped with it are as vulnerable as ever...

7.3AI score
Exploits0
Rows per page
Query Builder