Lucene search
+L

43 matches found

euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-18628

Malware in sbrugna...

4.9CVSS5.7AI score0.00151EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-33232

Malicious code in bioql PyPI...

4.4CVSS5AI score0.00209EPSS
Exploits0References1
ossf
ossf
added 2025/08/14 6:52 p.m.4 views

Malicious code in schibsted-strongbox (npm)

The package schibsted-strongbox was found to contain malicious code...

7AI score
Exploits0
osv
osv
added 2025/08/14 6:52 p.m.4 views

MAL-2025-32788 Malicious code in schibsted-strongbox (npm)

The package schibsted-strongbox was found to contain malicious code...

7.2AI score
Exploits0
redhatcve
redhatcve
added 2025/05/22 10:43 p.m.8 views

CVE-2022-28793

Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time...

4.4CVSS7AI score0.00209EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 10:24 a.m.3 views

CVE-2019-9253

In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions:...

4.9CVSS6.1AI score0.00151EPSS
Exploits0References1
github
github
added 2023/02/16 2:12 p.m.22 views

Privilege escalation in Strongbox

Impact An attacker with read-only access to a Strongbox secret could craft a valid encrypted secret same id/version. It also makes the audit logs from KMS less useful. The issue is caused by a bug in the underlying AWS Encryption SDK. By default, the encrypted secrets are stored in DynamoDB and a...

0.7AI score
Exploits0References3Affected Software1
osv
osv
added 2023/02/16 2:12 p.m.20 views

GHSA-MHGM-52VG-PVVC Privilege escalation in Strongbox

Impact An attacker with read-only access to a Strongbox secret could craft a valid encrypted secret same id/version. It also makes the audit logs from KMS less useful. The issue is caused by a bug in the underlying AWS Encryption SDK. By default, the encrypted secrets are stored in DynamoDB and a...

6.6AI score
Exploits0References3
ptsecurity
ptsecurity
added 2023/02/16 12:0 a.m.2 views

PT-2023-33043 · Amazon · Aws Encryption Sdk +2

Name of the Vulnerable Software and Affected Versions: Strongbox versions prior to 0.5.0 Description: The issue allows an attacker with read-only access to a Strongbox secret to craft a valid encrypted secret, which also affects the usefulness of audit logs from KMS. This is caused by a bug in th...

6.9AI score
Exploits0References4
ptsecurity
ptsecurity
added 2022/06/15 12:0 a.m.3 views

PT-2022-14457

Name of the Vulnerable Software and Affected Versions Android kernel Description The issue is related to a possible out of bounds write due to an incorrect bounds check in the param find digests internal and related functions of the Titan-M source. This could lead to local escalation of privilege...

7.2CVSS7.4AI score0.00128EPSS
Exploits0References12
cnvd
cnvd
added 2022/05/16 12:0 a.m.25 views

Samsung Galaxy S22 StrongBox Status Maintenance Error Vulnerability

Samsung Galaxy S22 is a smartphone product released on February 9, 2022 by Samsung. The Samsung Galaxy S22 StrongBox suffers from a State Maintenance Error vulnerability that stems from incorrect StrongBox state maintenance. An attacker can exploit the vulnerability to change the Android ROT duri...

4.4CVSS6.7AI score0.00209EPSS
Exploits0References1
attackerkb
attackerkb
added 2022/05/03 8:15 p.m.4 views

CVE-2022-28793

Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time...

4.4CVSS5.9AI score0.00209EPSS
Exploits0References2
prion
prion
added 2022/05/03 8:15 p.m.20 views

Design/Logic Flaw

Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time...

2.1CVSS4.8AI score0.00209EPSS
Exploits0References1
cvelist
cvelist
added 2022/05/03 7:44 p.m.20 views

CVE-2022-28793

Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time...

4.4CVSS5.1AI score0.00209EPSS
Exploits0References1
cve
cve
added 2022/05/03 7:44 p.m.79 views

CVE-2022-28793

The CVE-2022-28793 entry describes a vulnerability in Samsung Galaxy S22 StrongBox where improper state maintenance allows an attacker who compromises the TEE to alter the Android ROT during boot. Affected component: StrongBox state maintenance logic. Impact: potential change of Android ROT at bo...

4.4CVSS4.8AI score0.00209EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2022/05/03 12:0 a.m.5 views

Samsung Galaxy S3 代码问题漏洞

Samsung Galaxy S22 is a smartphone product released on February 9, 2022 by Samsung. The Samsung Galaxy S22 StrongBox suffers from a State Maintenance Error vulnerability that stems from incorrect StrongBox state maintenance. An attacker can exploit the vulnerability to change the Android ROT duri...

4.4CVSS5.3AI score0.00209EPSS
Exploits0References2
nvd
nvd
added 2019/09/27 7:15 p.m.14 views

CVE-2019-9253

In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions:...

4.9CVSS4.3AI score0.00151EPSS
Exploits0References1
osv
osv
added 2019/09/27 7:15 p.m.3 views

CVE-2019-9253

In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions:...

4.4CVSS6.5AI score0.00151EPSS
Exploits0References1
prion
prion
added 2019/09/27 7:15 p.m.14 views

Information disclosure

In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions:...

4.9CVSS4.9AI score0.00151EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2019/09/27 6:5 p.m.16 views

CVE-2019-9253

In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions:...

5.1AI score0.00151EPSS
Exploits0References1
Rows per page
Query Builder