674 matches found
CVE-2021-25490
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process...
Code injection
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process...
CVE-2021-25490
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Oct-2021 Release 1, which stems from a keyblob degradation attack in keymaster...
PT-2021-16680 · Keymaster · Keymaster
Name of the Vulnerable Software and Affected Versions: keymaster versions prior to SMR Oct-2021 Release 1 Description: A keyblob downgrade attack in keymaster allows an attacker to trigger an IV reuse issue with a privileged process. Recommendations: For versions prior to SMR Oct-2021 Release 1,...
Google Android 安全漏洞
Android is a Linux-based open source operating system developed by Google Inc. and the Open Handset Alliance OHA. an elevation of privilege vulnerability exists in the Framework component of Google Android. An attacker could exploit this vulnerability to execute arbitrary code in the context of a...
Google Android 缓冲区错误漏洞
Android is a Linux-based open source operating system developed by Google Inc. and the Open Handset Alliance OHA. an elevation of privilege vulnerability exists in the Framework component of Google Android. An attacker could exploit this vulnerability to execute arbitrary code in the context of a...
CVE-2021-24038
Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507...
Privilege escalation
Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507...
CVE-2021-0646
In sqlite3strvappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process's SQL with no additional execution privileges needed. User interaction is n...
CVE-2021-25444
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process...
Design/Logic Flaw
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process...
CVE-2021-25444
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process...
SAMSUNG Mobile devices 安全特征问题特征问题漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from South Korea's Samsung SAMSUNG. A security signature issue vulnerability exists in SAMSUNG Mobile devices SMR prior to AUG-2021 Release 1, which stems from an IV reuse vulnerability in keymaste...
kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...
Google Android System Remote Code Execution Vulnerability (CNVD-2021-44329)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. A remote code execution vulnerability exists in the System component of Google Android. An attacker can exploit this vulnerability to execute arbitrary code in the...
CVE-2021-31728
Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to .\ZemanaAntiMalware, register itself with the driver by sending IOCTL 0x80002010, allocate executable memory using a flaw in IOCTL 0x80002040, install a hook...
Google Android 缓冲区错误漏洞
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. A remote code execution vulnerability exists in the System component of Google Android. An attacker can exploit this vulnerability to execute arbitrary code in the...
CVE-2021-0437
In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9...
ASB-A-176168330
In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation...