228 matches found
EUVD-2022-51010
Malicious code in bioql PyPI...
EUVD-2023-36367
Malicious code in bioql PyPI...
Rethinking HSM and TPM Security in the Cloud: Real-World Attacks and Next-Gen Defenses
As organizations rapidly migrate to the cloud, the security of cryptographic key management has become a growing concern. Hardware Security Modules HSMs and Trusted Platform Modules TPMs, traditionally seen as the gold standard for securing encryption keys and digital trust, are increasingly...
Cleartext Storage of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information via the cert.NewLeaf function. An attacker can obtain sensitive private key material by intercepting certificates transmitted in plaintext during a TLS handshake, allowing impersonation of eith...
CVE-2023-32096
Compiler removal of buffer clearing in slicryptotransparentaeadencrypttag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM...
CVE-2023-32098
Compiler removal of buffer clearing in slisesignmessage in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM...
CVE-2023-32099
Compiler removal of buffer clearing in slisesignhash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM...
CVE-2023-32097
Compiler removal of buffer clearing in slicryptotransparentaeaddecrypttag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM...
CVE-2023-0965
Compiler removal of buffer clearing in slicryptoacctransparentkeyagreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM...
CVE-2023-23773
Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent impla...
CVE-2023-23772
Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...
CVE-2023-2481
Compiler removal of buffer clearing in sliseopaqueimportkey in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM...
CVE-2021-23204
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to 8.30.1359 MR3...
CVE-2020-11198
Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...
CVE-2020-12926
The Trusted Platform Modules TPM reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device...
CVE-2024-54134
CVE-2024-54134 affects the Solana JavaScript library solana/web3.js, specifically versions 1.95.6 and 1.95.7. A publish-access account was compromised, enabling attackers to publish unauthorized malicious packages that could exfiltrate private key material and drain funds from dapps that handle p...
SUSE CVE-2024-42098
In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize privatekey privatekey is overwritten with the key parameter passed in by the caller if present, or alternatively a newly generated private key. However, it is possible that the caller provides a...
DEBIAN-CVE-2024-42155
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. So wipe all copies of protected- or...
UBUNTU-CVE-2024-42155
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. So wipe all copies of protected- or...
CVE-2024-42155 s390/pkey: Wipe copies of protected- and secure-keys
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. So wipe all copies of protected- or...