CVE-2024-31955

MEDIUM Year: 2024
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-295
View all →

Vulnerability Description

An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB firmware. Code bypass through Electromagnetic Fault Injection allows an attacker to successfully authenticate and write to the RPMB (Replay Protected Memory Block) area without possessing secret information.

Related Vulnerabilities

CVE-2017-18918

MEDIUM
CVSS:4.9(Medium)

An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.

CWE-2952017

CVE-2020-12143

MEDIUM
CVSS:4.9(Medium)

The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.

CWE-2952020

CVE-2020-12144

MEDIUM
CVSS:4.9(Medium)

The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted...

CWE-2952020

CVE-2005-3170

MEDIUM
CVSS:5.0(Medium)

The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which cou...

CWE-2952005

CVE-2022-27644

MEDIUM
CVSS:5.0(Medium)

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not...

CWE-2952022

CVE-2017-2387

MEDIUM
CVSS:4.8(Medium)

The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta...

CWE-2952017