Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crypto vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-45779
In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More ...
Google Android -
NA
CVE-2023-40082
In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Google Android 14.0
NA
CVE-2023-20095
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on an affected device. This vu...
Cisco Adaptive Security Appliance Software 9.16.1
Cisco Adaptive Security Appliance Software 9.8.2
Cisco Adaptive Security Appliance Software 9.8.3.18
Cisco Adaptive Security Appliance Software 9.8.3.26
Cisco Adaptive Security Appliance Software 9.12.2
Cisco Adaptive Security Appliance Software 9.8.2.24
Cisco Adaptive Security Appliance Software 9.8.3.16
Cisco Adaptive Security Appliance Software 9.8.4.29
Cisco Adaptive Security Appliance Software 9.12.2.5
Cisco Adaptive Security Appliance Software 9.12.4.4
Cisco Adaptive Security Appliance Software 9.8.2.20
Cisco Adaptive Security Appliance Software 9.8.4
Cisco Adaptive Security Appliance Software 9.8.4.26
Cisco Adaptive Security Appliance Software 9.14.1.30
Cisco Adaptive Security Appliance Software 9.14.1.15
Cisco Adaptive Security Appliance Software 9.8.2.26
Cisco Adaptive Security Appliance Software 9.8.2.28
Cisco Adaptive Security Appliance Software 9.8.2.33
Cisco Adaptive Security Appliance Software 9.8.2.35
Cisco Adaptive Security Appliance Software 9.8.2.38
Cisco Adaptive Security Appliance Software 9.8.4.8
Cisco Adaptive Security Appliance Software 9.8.4.10
NA
CVE-2023-21358
In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for expl...
Google Android 14.0
NA
CVE-2023-46234
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an malicious user to construct signatures that c...
Browserify Browserify-sign
Debian Debian Linux 11.0
Debian Debian Linux 12.0
NA
CVE-2023-5139
Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver
Zephyrproject Zephyr
NA
CVE-2023-46233
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic h...
Crypto-js Project Crypto-js
NA
CVE-2023-44273
Consensys gnark-crypto up to and including 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.
Consensys Gnark-crypto
NA
CVE-2023-20109
A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affec...
Cisco Ios 15.2\\(4\\)ea
Cisco Ios 15.4\\(2\\)s2
Cisco Ios 15.0\\(2\\)ex4
Cisco Ios 15.1\\(3\\)s4
Cisco Ios 15.3\\(2\\)s1
Cisco Ios 15.1\\(1\\)s
Cisco Ios 15.1\\(2\\)sy10
Cisco Ios 12.4\\(22\\)mda6
Cisco Ios 15.5\\(1\\)t1
Cisco Ios 15.4\\(2\\)s4
Cisco Ios 15.2\\(2\\)e5b
Cisco Ios 15.0\\(1\\)xa
Cisco Ios 15.3\\(2\\)s
Cisco Ios 15.2\\(2\\)sy
Cisco Ios 12.4\\(24\\)mda10
Cisco Ios 15.6\\(2\\)sp2
Cisco Ios 15.6\\(2\\)t3
Cisco Ios 15.1\\(3\\)mra1
Cisco Ios 15.6\\(1\\)t2
Cisco Ios 15.2\\(3\\)e2
Cisco Ios 12.4\\(22\\)xr12
Cisco Ios 12.4\\(24\\)mdb15
NA
CVE-2023-39321
Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
Golang Go
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »