43 matches found
EUVD-2019-18628
Malware in sbrugna...
EUVD-2022-33232
Malicious code in bioql PyPI...
Malicious code in schibsted-strongbox (npm)
The package schibsted-strongbox was found to contain malicious code...
MAL-2025-32788 Malicious code in schibsted-strongbox (npm)
The package schibsted-strongbox was found to contain malicious code...
CVE-2022-28793
Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time...
CVE-2019-9253
In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions:...
Privilege escalation in Strongbox
Impact An attacker with read-only access to a Strongbox secret could craft a valid encrypted secret same id/version. It also makes the audit logs from KMS less useful. The issue is caused by a bug in the underlying AWS Encryption SDK. By default, the encrypted secrets are stored in DynamoDB and a...
GHSA-MHGM-52VG-PVVC Privilege escalation in Strongbox
Impact An attacker with read-only access to a Strongbox secret could craft a valid encrypted secret same id/version. It also makes the audit logs from KMS less useful. The issue is caused by a bug in the underlying AWS Encryption SDK. By default, the encrypted secrets are stored in DynamoDB and a...
PT-2023-33043 · Amazon · Aws Encryption Sdk +2
Name of the Vulnerable Software and Affected Versions: Strongbox versions prior to 0.5.0 Description: The issue allows an attacker with read-only access to a Strongbox secret to craft a valid encrypted secret, which also affects the usefulness of audit logs from KMS. This is caused by a bug in th...
PT-2022-14457
Name of the Vulnerable Software and Affected Versions Android kernel Description The issue is related to a possible out of bounds write due to an incorrect bounds check in the param find digests internal and related functions of the Titan-M source. This could lead to local escalation of privilege...
Samsung Galaxy S22 StrongBox Status Maintenance Error Vulnerability
Samsung Galaxy S22 is a smartphone product released on February 9, 2022 by Samsung. The Samsung Galaxy S22 StrongBox suffers from a State Maintenance Error vulnerability that stems from incorrect StrongBox state maintenance. An attacker can exploit the vulnerability to change the Android ROT duri...
CVE-2022-28793
Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time...
Design/Logic Flaw
Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time...
CVE-2022-28793
Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time...
CVE-2022-28793
The CVE-2022-28793 entry describes a vulnerability in Samsung Galaxy S22 StrongBox where improper state maintenance allows an attacker who compromises the TEE to alter the Android ROT during boot. Affected component: StrongBox state maintenance logic. Impact: potential change of Android ROT at bo...
Samsung Galaxy S3 代码问题漏洞
Samsung Galaxy S22 is a smartphone product released on February 9, 2022 by Samsung. The Samsung Galaxy S22 StrongBox suffers from a State Maintenance Error vulnerability that stems from incorrect StrongBox state maintenance. An attacker can exploit the vulnerability to change the Android ROT duri...
CVE-2019-9253
In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions:...
CVE-2019-9253
In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions:...
Information disclosure
In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions:...
CVE-2019-9253
In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions:...