CVE-2024-2502
An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected. This is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This impacts Series 2 HSE-SVH...
EUVD-2025-6586
Malicious code in bioql PyPI...
EUVD-2024-27451
Malicious code in bioql PyPI...
CVE-2025-3301 DPA Countermeasures Unavailable for Certain Cryptographic Operations on Series 2 Devices
DPA countermeasures are unavailable for ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 on all Series 2 modules and SoCs due to a lack of hardware and software support. A successful DPA attack may result in exposure of confidential information. The best practice is to u...
CVE-2024-9055
The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack...
CVE-2024-9055 DPA Countermeasures need reseeding
The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack...
CVE-2024-9055
The CVE-2024-9055 entry concerns Silicon Labs’ Series 2 devices where DPA countermeasures are not reseeded periodically, potentially allowing key extraction via a DPA attack. According to the cited metrics, the vulnerability requires physical access, has a base score of 4.2 (Medium), with high co...
GitLab: Login email verification bypass via `/oauth/token`.
Vulnerability description not provided...
Directory traversal
RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow...
CVE-2022-24936 Gecko Standalone Bootloader vulnerability may allow bypassing application secure boot in some Series 2 devices
Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade...