Lucene search
K

258 matches found

RedhatCVE
RedhatCVE
added 2025/05/21 9:32 p.m.9 views

CVE-2004-2682

PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on 1 the number of extra reductions during Montgomery reduction, and 2 the use of different integer...

5.8CVSS6.7AI score0.06393EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/03/31 12:0 a.m.203 views

Solstice Pod 5.5 / 6.2 Information Disclosure

Solstice Pod versions 5.5 and 6.2 expose sensitive information such as the session key, server version, product details, and display name via an unauthenticated API. Exploit Title: Solstice Pod API Session Key Extraction via API Endpoint Google Dork: N/A Date: 1/17/2025 Exploit Author: The Baldwi...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2025/03/29 12:0 a.m.280 views

Solstice Pod 6.2 - API Session Key Extraction via API Endpoint

Exploit Title: Solstice Pod API Session Key Extraction via API Endpoint Google Dork: N/A Date: 1/17/2025 Exploit Author: The Baldwin School Ethical Hackers Vendor Homepage: https://www.mersive.com/ Software Link: https://documentation.mersive.com/en/solstice/about-solstice.html Versions: 5.5, 6.2...

7.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/19 2:25 p.m.8 views

CVE-2024-9055

The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack...

4.2CVSS7.2AI score0.00173EPSS
Exploits0References1
NVD
NVD
added 2025/03/17 2:15 p.m.11 views

CVE-2024-9055

The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack...

4.2CVSS0.00173EPSS
Exploits0References1
CVE
CVE
added 2025/03/17 1:46 p.m.42 views

CVE-2024-9055

The CVE-2024-9055 entry concerns Silicon Labs’ Series 2 devices where DPA countermeasures are not reseeded periodically, potentially allowing key extraction via a DPA attack. According to the cited metrics, the vulnerability requires physical access, has a base score of 4.2 (Medium), with high co...

4.2CVSS7AI score0.00173EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/17 1:46 p.m.6 views

CVE-2024-9055 DPA Countermeasures need reseeding

The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack...

4.2CVSS4.5AI score0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/17 1:46 p.m.12 views

CVE-2024-9055 DPA Countermeasures need reseeding

The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack...

4.2CVSS0.00173EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/17 12:0 a.m.5 views

Silicon Series 2 devices 安全漏洞

Silicon Series 2 devices are a family of devices from Silicon Corporation USA. A security vulnerability exists in Silicon Series 2 devices that stems from a DPA countermeasure that is not regularly reseeded, which could lead to key extraction via a DPA attack...

4.2CVSS6.6AI score0.00173EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2014-5270

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it...

2.1CVSS6.4AI score0.00531EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/02 12:20 a.m.8 views

CVE-2024-44754

Cryptographic key extraction from internal flash in Minut M2 with firmware version 15142 allows physically proximate attackers to inject modified firmware into any other Minut M2 product via USB...

6.8CVSS6.9AI score0.00208EPSS
Exploits0
NVD
NVD
added 2025/02/28 4:15 p.m.12 views

CVE-2024-44754

Cryptographic key extraction from internal flash in Minut M2 with firmware version 15142 allows physically proximate attackers to inject modified firmware into any other Minut M2 product via USB...

6.8CVSS0.00208EPSS
Exploits0References1
CVE
CVE
added 2025/02/28 12:0 a.m.52 views

CVE-2024-44754

CVE-2024-44754 affects Minut M2 hardware (firmware version #15142). The issue is described as cryptographic key extraction from the device’s internal flash, enabling physically proximate attackers to inject modified firmware into other Minut M2 units via USB. The reported CVSSv3.1 base metrics in...

6.8CVSS7AI score0.00208EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/28 12:0 a.m.6 views

CVE-2024-44754

Cryptographic key extraction from internal flash in Minut M2 with firmware version 15142 allows physically proximate attackers to inject modified firmware into any other Minut M2 product via USB...

7.2AI score0.00208EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/28 12:0 a.m.12 views

CVE-2024-44754

Cryptographic key extraction from internal flash in Minut M2 with firmware version 15142 allows physically proximate attackers to inject modified firmware into any other Minut M2 product via USB...

0.00208EPSS
Exploits0References1
Veracode
Veracode
added 2025/02/17 8:30 a.m.8 views

Information Disclosure

Elliptic is vulnerable to Information Disclosure. The vulnerability is due to inadequate input validation in the ECDSA signing process. Specifically, the system accepts malformed inputs like strings or numbers without proper checks, which allows an attacker to craft input that can lead to the...

7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/02/12 7:47 p.m.374 views

Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)

Summary Private key can be extracted from ECDSA signature upon signing a malformed input e.g. a string or a number, which could e.g. come from JSON network input Note that elliptic by design accepts hex strings as one of the possible input types Details In this code:...

7.2AI score
Exploits0References3Affected Software1
Snyk
Snyk
added 2025/02/12 7:47 p.m.1 views

Information Exposure

Overview org.webjars.npm:elliptic is a Fast elliptic-curve cryptography in a plain javascript implementation. Affected versions of this package are vulnerable to Information Exposure due to the sign function which allows an attacker to extract the private key from an ECDSA signature by signing a...

9CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2025/02/12 7:47 p.m.3 views

GHSA-VJH7-7G9H-FJFH Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)

Summary Private key can be extracted from ECDSA signature upon signing a malformed input e.g. a string or a number, which could e.g. come from JSON network input Note that elliptic by design accepts hex strings as one of the possible input types Details In this code:...

9CVSS5.7AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 11:56 a.m.7 views

CVE-2024-7389

The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make...

7.5CVSS6.5AI score0.00658EPSS
Exploits1References1
Rows per page
Query Builder