Integer overflow

u'Possibility of integer overflow in keymaster 4 while allocating memory due to multiplication of large numcerts value and size of keymaster bob which can lead to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT...

Design/Logic Flaw

u'Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned after a user data erase or a factory reset' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voi...

CVE-2019-14089

u'Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned after a user data erase or a factory reset' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voi...

CVE-2019-14089

CVE-2019-14089 affects Qualcomm Snapdragon platforms (Kamorta, Nicobar, QCS404/610, Rennell, SA5x, SC7x, SDX55, SM6x/7x/8x, SXR2130) in multiple Snapdragon families. The vulnerability concerns Keymaster attestation key and device IDs provisioning, a one-time process that is incorrectly allowed to...

CVE-2019-10615

u'Possibility of integer overflow in keymaster 4 while allocating memory due to multiplication of large numcerts value and size of keymaster bob which can lead to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT...

CVE-2019-10615

CVE-2019-10615 describes an integer overflow in keymaster 4 during memory allocation caused by multiplying a large numcerts value by the size of the keymaster blob, potentially leading to memory corruption on a wide set of Snapdragon-based devices (APQ8009/8017/8053/8096A U and many more). The is...

WordPress BBPress 2.5 Privilege Escalation

Exploit Title: Wordpress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation Date: 2020-05-29 Exploit Author: Raphael Karger Software Link: https://codex.bbpress.org/releases/ Version: BBPress 2.5 CVE: CVE-2020-13693 import argparse import requests import bs4 import urllib3...

bbPress < 2.6.5 - Authenticated Stored Cross-Site Scripting via the forums list table

binit discovered a stored XSS issue via the forums list table. The payload is put and can only be triggered by accounts with the Keymaster bbPress role...

Samsung Mobile Device Encryption Issue Vulnerability

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. Samsung mobile devices suffer from a cryptographic issue vulnerability that can be exploited by an attacker to launch a caching attack against Keymaster AES-GCM...

CVE-2018-21063

An issue was discovered on Samsung mobile devices with M6.0, N7.x, and O8.x Exynos chipsets software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 August 2018...

CVE-2018-21063

An issue was discovered on Samsung mobile devices with M6.0, N7.x, and O8.x Exynos chipsets software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 August 2018...

CVE-2018-21058

An issue was discovered on Samsung mobile devices with N7.0, O8.0 exynos7420 or Exynos 8890/8996 chipsets software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used; the Cryptography Extension CE is not used. The Samsung ID is SVE-2018-12761 September...

Code injection

An issue was discovered on Samsung mobile devices with M6.0, N7.x, and O8.x Exynos chipsets software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 August 2018...

Design/Logic Flaw

An issue was discovered on Samsung mobile devices with N7.0, O8.0 exynos7420 or Exynos 8890/8996 chipsets software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used; the Cryptography Extension CE is not used. The Samsung ID is SVE-2018-12761 September...

CVE-2018-21058

An issue was discovered on Samsung mobile devices with N7.0, O8.0 exynos7420 or Exynos 8890/8996 chipsets software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used; the Cryptography Extension CE is not used. The Samsung ID is SVE-2018-12761 September...

CVE-2018-21058

CVE-2018-21058 affects Samsung mobile devices running Android 7.0/8.0 on Exynos 7420/8890/8996. The issue enables cache attacks against the Keymaster AES-GCM implementation because T-Tables are used and the Cryptography Extension (CE) is not utilized. Samsung ID: SVE-2018-12761. No exploitation o...

CVE-2018-21063

An issue was discovered on Samsung mobile devices with M6.0, N7.x, and O8.x Exynos chipsets software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 August 2018...

CVE-2018-21063

Technical details about CVE-2018-21063 are not publicly available in the provided documents. Monitor for updates from vendors (e.g., Red Hat, CVE databases) and check for any new advisories or patches.

CVE-2019-20607

An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, and Exynos8895 chipsets software. A heap overflow in the keymaster Trustlet allows attackers to write to TEE memory, and achieve arbitrary code execution. The Samsung ...

CVE-2019-20607

An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, and Exynos8895 chipsets software. A heap overflow in the keymaster Trustlet allows attackers to write to TEE memory, and achieve arbitrary code execution. The Samsung ...