Lucene search

237 matches found

Cvelist
added 2024/08/13 4:54 p.m. · 16 views

CVE-2024-21981

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity...

5.7 CVSS · 0.00136 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/08/13 4:54 p.m. · 11 views

CVE-2024-21981

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity...

5.7 CVSS · 6.9 AI score · 0.00136 EPSS
Exploits 0 · References 1
CVE
added 2024/08/13 4:54 p.m. · 61 views

CVE-2024-21981

CVE-2024-21981 – AMD Secure Processor (ASP) concerns an improper key usage control in ASP. An attacker with local access and arbitrary code execution in ASP could extract ASP cryptographic keys, threatening confidentiality and integrity. Connected AMD advisories list affected ASP/PSP components a...

5.7 CVSS · 7 AI score · 0.00136 EPSS
Exploits 0 · References 1
Veeam
added 2024/02/05 12:0 a.m. · 71 views

Browser-based Application's Page Fails to Load With: ERR_SSL_KEY_USAGE_INCOMPATIBLE

Article Applicability: The error discussed in this article is caused by a misconfiguration of the website's certificate. Specifically, the ERR_SSL_KEY_USAGE_INCOMPATIBLE error occurs when the certificate used by a website has a KeyUsage value defined, but it does not include "Digital Signature" and...

6.5 AI score
Exploits 0
CNNVD
added 2023/11/17 12:0 a.m. · 5 views

openNDS Security Vulnerabilities

openNDS is a high-performance, small-footprint open source portal system. A security vulnerability exists in versions prior to openNDS 10.1.2 that originates from allowing a user to skip the startup page sequence when the default FAS key is used and openNDS is configured for FAS...

5.3 CVSS · 6.7 AI score · 0.00685 EPSS
Exploits 0 · References 8
OSV
added 2023/09/21 3:30 p.m. · 2 views

GHSA-HX74-4WMC-FWVF Duplicate Advisory: EVE Has Partially Predetermined Vault Key

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-wc42-fcjp-v8vq. This link is maintained to preserve external references. Original Description: Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the...

7.8 CVSS · 5.4 AI score · 0.00134 EPSS
Exploits 0 · References 3
NVD
added 2023/09/21 2:15 p.m. · 21 views

CVE-2023-43637

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...

7.8 CVSS · 7.7 AI score · 0.00134 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/08/09 12:0 a.m. · 3 views

PT-2023-27207 · Unknown · Uthenticode

Name of the Vulnerable Software and Affected Versions: uthenticode versions prior to 2.x. Description: The issue concerns uthenticode, a library for partially verifying Authenticode digital signatures. It does not check Extended Key Usages in certificates, which is against the Authenticode X.509...

7.5 CVSS · 7.4 AI score · 0.002 EPSS
Exploits 0 · References 6
CNNVD
added 2023/08/09 12:0 a.m. · 4 views

uthenticode security breach

uthenticode is a small open source cross-platform library from Trail of Bits, used to partially verify Authenticode digital signatures. A security vulnerability exists in versions prior to uthenticode 2.0.0; the vulnerability stems from not checking the extended key usage in the certificate,...

7.5 CVSS · 7 AI score · 0.002 EPSS
Exploits 0 · References 4
OSV
added 2023/05/11 8:48 p.m. · 0 views

GHSA-JJGP-WHRP-GQ8M in-toto: PGP trust model not (fully) considered

Impact: This security advisory lists multiple concerns about how in-toto uses PGP keys. The findings are aggregated here because they are all eligible for the same mitigation strategy. Note that the findings are rated with different severities (see inline), and the highest score was chosen for this...

5.8 AI score
Exploits 0 · References 4
Positive Technologies
added 2023/05/11 12:0 a.m. · 3 views

PT-2023-33040 · Gnupg +1 · Gnupg +1

Name of the Vulnerable Software and Affected Versions: in-toto (affected versions not specified). Description: The issue concerns how in-toto uses PGP keys, specifically with regards to the validation of key creation time, consideration of key revocation, and checking of key usage flags. An attacker...

7.1 AI score
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 5:35 a.m. · 3 views

SUSE CVE-2013-5606

The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access...

5.8 CVSS · 5.8 AI score · 0.02397 EPSS
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 3:58 a.m. · 2 views

SUSE CVE-2020-14039

In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements if VerifyOptions.Roots equals nil and the installation is on Windows. Thus, X.509 certificate verification is incomplete...

5.3 CVSS · 7.4 AI score · 0.01762 EPSS
Exploits 0 · References 9
SUSE CVE
added 2023/02/15 3:57 a.m. · 3 views

SUSE CVE-2020-15025

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file...

5.3 CVSS · 8.6 AI score · 0.03357 EPSS
Exploits 0 · References 8
Positive Technologies
added 2022/02/22 12:0 a.m. · 3 views

PT-2022-15012 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy (affected versions not specified). Description: The issue concerns Envoy, an open source edge and service proxy designed for cloud-native applications. In affected versions, Envoy does not restrict the set of certificates it accepts from t...

6.8 CVSS · 6.1 AI score · 0.00497 EPSS
Exploits 0 · References 9
Snyk
added 2022/02/17 5:46 p.m. · 2 views

Improper Certificate Validation

Overview: std/crypto/x509 is a Go standard library package. Affected versions of this package are vulnerable to Improper Certificate Validation. Go Vulnerability Report: On Windows, if VerifyOptions.Roots is nil, Certificate.Verify does not check the EKU requirements specified in...

6.9 CVSS · 6.8 AI score · 0.01762 EPSS
Exploits 0 · References 3
Microsoft CVE
added 2020/08/18 7:0 a.m. · 2 views

In Go before 1.13.13 and 1.14.x before 1.14.5 Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus X.509 certificate verification is incomplete.

...

5.3 CVSS · 7 AI score · 0.01762 EPSS
Exploits 0
OSV
added 2020/07/17 4:15 p.m. · 4 views

AZL-79080 CVE-2020-14039 affecting package golang 1.25.7-1

In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements if VerifyOptions.Roots equals nil and the installation is on Windows. Thus, X.509 certificate verification is incomplete...

5.3 CVSS · 6.5 AI score · 0.01762 EPSS
Exploits 0 · References 1
Prion
added 2020/04/16 11:15 a.m. · 20 views

Design/Logic Flaw

Wrong public key usage from existing oemkeystore for hash generation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905,...

4.6 CVSS · 7.8 AI score · 0.00149 EPSS
Exploits 0 · References 1
Microsoft KB
added 2020/04/10 12:0 a.m. · 3 views

Certain HTTPS sites cannot be opened in Firefox after you install update 2965142 in Windows 8.1 or Windows RT 8.1

Certain HTTPS sites cannot be opened in Firefox after you install update 2965142 in Windows 8.1 or Windows RT 8.1 This article describes an update for Microsoft Family Safety. Prior to installing this update, Windows Update will verify that mandatory update 2919355 has been installed on your...

6 AI score
Exploits 0