48 matches found
CVE-2022-37418
The Remote Keyless Entry RKE receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retain...
CVE-2022-36945
The Remote Keyless Entry RKE receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals over the radio, aka a RollBack attack. The attacker retains the ability to...
CVE-2022-37305
The Remote Keyless Entry RKE receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. The attacker retains the ability to unloc...
Design/Logic Flaw
The Remote Keyless Entry RKE receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retain...
Design/Logic Flaw
The Remote Keyless Entry RKE receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. The attacker retains the ability to unloc...
Design/Logic Flaw
The Remote Keyless Entry RKE receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals over the radio, aka a RollBack attack. The attacker retains the ability to...
CVE-2022-37418
The CVE-2022-37418 issue concerns the Remote Keyless Entry (RKE) receiving unit used in Nissan, Kia, and Hyundai vehicles through 2017. The vulnerability arises when an attacker captures two consecutive valid key fob signals over the radio, enabling a RollBack replay attack that allows the attack...
CVE-2022-37418
The Remote Keyless Entry RKE receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retain...
CVE-2022-37305
The Remote Keyless Entry RKE receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. The attacker retains the ability to unloc...
CVE-2022-37305
Summary: CVE-2022-37305 affects Honda vehicles up to 2018 and concerns the Remote Keyless Entry (RKE) receiving unit. The root cause is a RollBack-like vulnerability where an attacker, after capturing five consecutive valid RKE signals transmitted over RF, can remotely unlock the vehicle and forc...
CVE-2022-36945
The Remote Keyless Entry RKE receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals over the radio, aka a RollBack attack. The attacker retains the ability to...
CVE-2022-36945
The CVE-2022-36945 entry concerns Mazda vehicles’ Remote Keyless Entry (RKE) receiving unit up to 2020. The root issue is a RollBack attack that, after three consecutive valid key-fob signals, allows a remote attacker to unlock and force resynchronization, with the attacker retaining unlock capab...
Remote Keyless Entry 安全漏洞
Remote Keyless Entry RKE is a system used to remotely lock and unlock a vehicle. A security vulnerability exists in Honda Remote Keyless Entry RKE that stems from allowing a remote attacker to perform an unlock operation and force a resynchronization, known as a rollback attack, after capturing...
PT-2022-23913 · Honda · Honda
Name of the Vulnerable Software and Affected Versions: Honda vehicles through 2018 Description: The issue allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, also known as a RollBack attack. This...
Remote Keyless Entry 安全漏洞
Remote Keyless Entry RKE is a system used to remotely lock and unlock a vehicle. The Remote Keyless Entry RKE receiving unit on certain Mazda vehicles 2020 and prior versions has a security vulnerability that stems from a vulnerability that allows a remote attacker to perform an unlocking operati...
Remote Keyless Entry 安全漏洞
Remote Keyless Entry RKE is a system used to remotely lock and unlock a vehicle. A security vulnerability exists in Nissan, Kia, and Hyundai vehicles Remote Keyless Entry RKE, which stems from a vulnerability that allows a remote attacker to perform an unlock operation and force a resynchronizati...
PT-2022-23693 · Mazda · Mazda Vehicles
Name of the Vulnerable Software and Affected Versions: Mazda vehicles affected versions not specified Description: The issue concerns the Remote Keyless Entry RKE receiving unit, which allows remote attackers to perform unlock operations and force a resynchronization after capturing three...
CVE-2022-29173
The CVE-2022-29173 issue affects go-tuf, a Go implementation of The Update Framework (TUF). The root cause is rollback-attack vulnerabilities in the client workflow for non-root roles: the client may ignore previously trusted metadata and may treat timestamp/snapshot files as trusted before valid...
Amazon Linux 2 : openssl11 (ALAS-2021-1612)
The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1612 advisory. Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases...
OpenSSL 1.0.2 < 1.0.2y Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.2y. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2y advisory. - The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial numb...