Skip to main content

Knox

4 CVEs product

Monthly

CVE-2017-5646 Maven MEDIUM PATCH This Month

For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Authentication Bypass Apache Knox
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2016-3996 MEDIUM This Month

ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Knox
NVD VulDB
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-1920 MEDIUM This Month

Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct man-in-the-middle attacks as demonstrated by installing a certificate and running a VPN service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Samsung Knox
NVD VulDB
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-1919 MEDIUM POC This Month

Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Samsung Information Disclosure Knox
NVD VulDB
CVSS 3.0
4.7
EPSS
0.1%
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Authentication Bypass Apache Knox
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Knox
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct man-in-the-middle attacks as demonstrated by installing a certificate and running a VPN service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Samsung +1
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM POC This Month

Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Samsung Information Disclosure Knox
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy