Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1545 matches found

OSV
OSVadded 2018/02/12 7:29 p.m.3 views

CVE-2017-13236

In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699...

7.8CVSS5.9AI score0.00559EPSS
Exploits2References3
Prion
Prionadded 2018/02/12 7:29 p.m.12 views

Design/Logic Flaw

In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699...

4.6CVSS7.7AI score0.00559EPSS
Exploits2References3Affected Software1
NVD
NVDadded 2018/02/12 7:29 p.m.25 views

CVE-2017-13236

In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699...

7.8CVSS7.3AI score0.00559EPSS
Exploits2References3
CVE
CVEadded 2018/02/12 7:0 p.m.64 views

CVE-2017-13236

CVE-2017-13236 affects the Android KeyStore service (Android 8.0/8.1). The issue is a permissions bypass in KeyStore that can grant access to protected resources, enabling local elevation of privilege with system execution privileges required. Exploitation is local and does not require user inter...

7.8CVSS7.6AI score0.00559EPSS
Exploits2References3Affected Software1
Cvelist
Cvelistadded 2018/02/12 7:0 p.m.23 views

CVE-2017-13236

In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699...

7.8AI score0.00559EPSS
Exploits2References3
exploitpack
exploitpackadded 2018/02/07 12:0 a.m.29 views

Android - getpidcon Permission Bypass in KeyStore Service

Android - getpidcon Permission Bypass in KeyStore Service The keystore binder service "android.security.IKeystoreService" allows users to issue several commands related to key management, including adding, removing, exporting and generating cryptographic keys. The service is accessible to many...

0.6AI score
Exploits0
0day.today
0day.todayadded 2018/02/07 12:0 a.m.56 views

Android - getpidcon Permission Bypass in KeyStore Service Vulnerability

Exploit for Android platform in category dos / poc The keystore binder service "android.security.IKeystoreService" allows users to issue several commands related to key management, including adding, removing, exporting and generating cryptographic keys. The service is accessible to many SELinux...

4.6CVSS0.4AI score0.00559EPSS
Exploits2
Exploit DB
Exploit DBadded 2018/02/07 12:0 a.m.109 views

Android - 'getpidcon' Permission Bypass in KeyStore Service

The keystore binder service "android.security.IKeystoreService" allows users to issue several commands related to key management, including adding, removing, exporting and generating cryptographic keys. The service is accessible to many SELinux contexts, including application contexts, but also...

7.4AI score
Exploits0
CNVD
CNVDadded 2018/02/06 12:0 a.m.4 views

Google Android System Component Elevation of Privilege Vulnerability (CNVD-2018-03846)

Android is the United States Google Google and the Open Handheld Alliance referred to as OHA jointly developed a set of Linux-based open source operating system. keyStore service is one of the Java data certificate management service. An elevation of privilege vulnerability exists in the KeyStore...

7.8CVSS7.5AI score0.00559EPSS
Exploits2References1
0day.today
0day.todayadded 2017/12/29 12:0 a.m.50 views

HP Insight Control For VMware vCenter Server 7.3 Insecure Permissions Vulnerability

HP Insight Control for VMware vCenter Server version 7.3 allows a low privileged attacker to read sensitive information files, decrypt all configuration server passwords, and gain access to the systems which in turn leads to the compromise of the whole infrastructure. / Exploit Title: HP Insight...

6.6AI score
Exploits0
Packet Storm
Packet Stormadded 2017/12/28 12:0 a.m.57 views

HP Insight Control For VMware vCenter Server 7.3 Insecure Permissions

/ Exploit Title: HP Insight Control for VMware vCenter Server Multiple Vulnerabilities Date: 11/05/2014 Author: Glafkos Charalambous Version: 7.3 Vendor: HP Vendor URL: http://www.hpe.com HP Case: SSRT101619 Product Description: HP Insight Control for VMware vCenter Server Insight Control for...

0.2AI score
Exploits0
OpenVAS
OpenVASadded 2017/11/30 12:0 a.m.45 views

Ubuntu: Security Advisory (USN-3497-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6CVSS7AI score0.16181EPSS
Exploits2References2
Ubuntu
Ubuntuadded 2017/11/29 7:41 a.m.104 views

USN-3497-1: OpenJDK 7 vulnerabilities

It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. CVE-2017-10274 Gaston Traberg discovered that th...

9.6CVSS6.5AI score0.16181EPSS
Exploits2
hackapp
hackappadded 2017/11/26 8:10 p.m.549 views

Eurowings - cheap flights - Dangerous filesystem permissions, Insecure KeyStore, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application Eurowings - cheap flights published at the 'play' market has multiple vulnerabilities...

0.3AI score
Exploits0References1Affected Software1
RedHat Linux
RedHat Linuxadded 2017/10/20 11:31 a.m.2 views

OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated...

3.1CVSS7.3AI score0.02442EPSS
Exploits0References4
rapid7community
rapid7communityadded 2017/08/09 8:47 p.m.175 views

Multiple Vulnerabilities Affecting Four Rapid7 Products

Today, we'd like to announce eight vulnerabilities that affect four Rapid7 products, as described in the table below. While all of these issues are relatively low severity, we want to make sure that our customers have all the information they need to make informed security decisions regarding the...

6.8CVSS7.6AI score0.01476EPSS
Exploits0
OSV
OSVadded 2017/08/01 2:29 p.m.1 views

CVE-2017-11129

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user...

9.8CVSS5.8AI score0.01103EPSS
Exploits0References1
NVD
NVDadded 2017/08/01 2:29 p.m.15 views

CVE-2017-11129

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user...

9.8CVSS9.3AI score0.01103EPSS
Exploits0References1
Prion
Prionadded 2017/08/01 2:29 p.m.15 views

Hardcoded credentials

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user...

7.5CVSS9.2AI score0.01103EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2017/08/01 2:0 p.m.21 views

CVE-2017-11129

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user...

9.3AI score0.01103EPSS
Exploits0References1
Rows per page
Query Builder