Lucene search
K

579 matches found

Prion
Prion
added 2018/01/04 6:29 a.m.12 views

Stack overflow

On Samsung mobile devices with N7.x software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information PIN, password, or pattern. The Samsung ID is SVE-2017-10733...

9.3CVSS8.2AI score0.01797EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/01/04 6:0 a.m.16 views

CVE-2018-5210

On Samsung mobile devices with N7.x software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information PIN, password, or pattern. The Samsung ID is SVE-2017-10733...

8.3AI score0.01797EPSS
Exploits0References1
CVE
CVE
added 2018/01/04 6:0 a.m.41 views

CVE-2018-5210

CVE-2018-5210 affects Samsung mobile devices running Android N (7.x) with Exynos chipsets. The vulnerability is a Trustlet stack overflow in the TEE (Trusted Execution Environment) that can lead to arbitrary code execution within TEE, reported in conjunction with a brute-force attack to obtain un...

9.3CVSS8.2AI score0.01797EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/01/02 5:29 p.m.17 views

CVE-2017-1000412

Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key...

7.5CVSS7.5AI score0.01925EPSS
Exploits0References3
Prion
Prion
added 2018/01/02 5:29 p.m.16 views

Code injection

Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key...

5CVSS7.5AI score0.01925EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2018/01/02 5:29 p.m.18 views

CVE-2017-1000413

Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key...

5.9CVSS5.7AI score0.01565EPSS
Exploits0References3
Prion
Prion
added 2018/01/02 5:29 p.m.15 views

Code injection

Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key...

4.3CVSS5.7AI score0.01565EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2018/01/02 5:29 p.m.13 views

CVE-2017-1000413

Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key...

5.9CVSS6AI score
Exploits0References3
OSV
OSV
added 2018/01/02 5:29 p.m.15 views

CVE-2017-1000412

Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key...

7.5CVSS7.8AI score
Exploits0References3
Cvelist
Cvelist
added 2018/01/02 5:0 p.m.19 views

CVE-2017-1000412

Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key...

7.5AI score0.01925EPSS
Exploits0References3
CVE
CVE
added 2018/01/02 5:0 p.m.54 views

CVE-2017-1000412

OP-TEE (Linaro) versions 2.4.0 and older are vulnerable to a bellcore attack in the LibTomCrypt code, resulting in a compromised private RSA key. Root cause:LibTomCrypt usage within OP-TEE; affected component is the TEE implementation. Impact: potential exposure of private RSA keys. Exploitation ...

7.5CVSS7.5AI score0.01925EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2018/01/02 5:0 p.m.51 views

CVE-2017-1000413

CVE-2017-1000413 affects OP-TEE (Linaro) 2.4.0 and older. The root cause is a timing attack in the Montgomery portion of libMPA, enabling a compromised private RSA key. Documented impacts include potential exposure of private key material. Connected sources corroborate the same description; no ex...

5.9CVSS5.7AI score0.01565EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/01/02 5:0 p.m.21 views

CVE-2017-1000413

Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key...

5.7AI score0.01565EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2018/01/02 5:0 p.m.11 views

CVE-2017-1000412

Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key...

7.5CVSS7.5AI score0.01925EPSS
Exploits0
Debian CVE
Debian CVE
added 2018/01/02 5:0 p.m.14 views

CVE-2017-1000413

Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key...

5.9CVSS5.8AI score0.01565EPSS
Exploits0
NVD
NVD
added 2017/11/22 7:29 p.m.21 views

CVE-2017-8142

The Trusted Execution Environment TEE module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free UAF vulnerability. An attacker tricks a user into installing a malicious application, and...

9.3CVSS8AI score0.01067EPSS
Exploits0References1
Prion
Prion
added 2017/11/22 7:29 p.m.22 views

Design/Logic Flaw

The Trusted Execution Environment TEE module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free UAF vulnerability. An attacker tricks a user into installing a malicious application, and...

9.3CVSS8AI score0.01067EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2017/11/22 7:0 p.m.57 views

CVE-2017-8142

CVE-2017-8142 affects Huawei Mate 9 and Mate 9 Pro devices, where the TEE module driver is vulnerable to a Use-After-Free (UAF). The issue occurs on software versions earlier than MHA-AL00BC00B221 and LON-AL00BC00B221. An attacker can entice a user to install a malicious app that spawns multiple ...

9.3CVSS8AI score0.01067EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/11/22 7:0 p.m.26 views

CVE-2017-8142

The Trusted Execution Environment TEE module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free UAF vulnerability. An attacker tricks a user into installing a malicious application, and...

8AI score0.01067EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/08/04 12:0 a.m.48 views

Amazon Linux AMI : libtommath / libtomcrypt (ALAS-2017-864)

possible OP-TEE Bleichenbacher attack : The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public...

7.5CVSS7.3AI score0.00775EPSS
Exploits0References2
Rows per page
Query Builder