20 matches found
CVE-2024-0042
In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2017-13309
In readEncryptedData of ConscryptEngine.java, there is a possible plaintext leak due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-32911
There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-32911
There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-32911
CVE-2024-32911 affects Google Pixel devices, specifically the Modem component. The issue stems from improper use of crypto, enabling remote elevation of privilege with no user interaction. The Pixel Update Bulletin lists this CVE under the Pixel firmware/Modem category and indicates that patch le...
PT-2024-24965 · Google · Android +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves a possible escalation of privilege due to improperly used crypto, which could lead to remote escalation of privilege with no addition...
RHEL 6 : kdebase-runtime (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - kwallet: crypto misuse CVE-2013-7252 Note that Nessus has not tested for this issue but has instead relied on the...
ASB-A-312543200
In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2024-19147 · Google · Android
Name of the Vulnerable Software and Affected Versions: TBD affected versions not specified Description: The issue is related to an Authentication Bypass due to improperly used crypto, which could lead to local escalation of privilege with no additional execution privileges needed. User interactio...
PUB-A-310053150
In TBD of TBD, there is a possible Authentication Bypass due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-40082
In modifyfornextstage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2023-18134 · Google · Uwb
Name of the Vulnerable Software and Affected Versions: UWB Google affected versions not specified Description: The issue allows a malicious app to masquerade as the system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no...
CVE-2023-21115
In btmsecencryptchange of btmsec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
PT-2023-17907 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-12L Description: The issue is related to improperly used crypto in the btm sec encrypt change function of btm sec.cc. This could lead to a paired device escalation of privilege with no additional...
CVE-2023-21115
In btmsecencryptchange of btmsec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
okhttp: information disclosure via improperly used cryptographic function
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Produc...
SUSE CVE-2022-20117
In TBD of TBD, there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...
Unisys Messaging Integration Services 授权问题漏洞
Unisys Messaging Integration Services Ntsi is a messaging-based interface between two programs from Unisys, Inc. A security vulnerability exists in Unisys Messaging Integration Services Ntsi, which stems from a network system or product that does not The vulnerability is caused by a network syste...
Fedora 20 : kde-runtime-4.14.3-3.fc20 (2015-0564)
Pull in upstream fixes for: CVE-2013-7252 kwallet: crypto misuse, and kiosftp corruption Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
Fedora 21 : kde-runtime-4.14.3-3.fc21 (2015-0569)
Pull in upstream fixes for: CVE-2013-7252 kwallet: crypto misuse, and kiosftp corruption Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...