258 matches found
CVE-2004-2682
PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on 1 the number of extra reductions during Montgomery reduction, and 2 the use of different integer...
Solstice Pod 5.5 / 6.2 Information Disclosure
Solstice Pod versions 5.5 and 6.2 expose sensitive information such as the session key, server version, product details, and display name via an unauthenticated API. Exploit Title: Solstice Pod API Session Key Extraction via API Endpoint Google Dork: N/A Date: 1/17/2025 Exploit Author: The Baldwi...
Solstice Pod 6.2 - API Session Key Extraction via API Endpoint
Exploit Title: Solstice Pod API Session Key Extraction via API Endpoint Google Dork: N/A Date: 1/17/2025 Exploit Author: The Baldwin School Ethical Hackers Vendor Homepage: https://www.mersive.com/ Software Link: https://documentation.mersive.com/en/solstice/about-solstice.html Versions: 5.5, 6.2...
CVE-2024-9055
The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack...
CVE-2024-9055
The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack...
CVE-2024-9055
The CVE-2024-9055 entry concerns Silicon Labs’ Series 2 devices where DPA countermeasures are not reseeded periodically, potentially allowing key extraction via a DPA attack. According to the cited metrics, the vulnerability requires physical access, has a base score of 4.2 (Medium), with high co...
CVE-2024-9055 DPA Countermeasures need reseeding
The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack...
CVE-2024-9055 DPA Countermeasures need reseeding
The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack...
Silicon Series 2 devices 安全漏洞
Silicon Series 2 devices are a family of devices from Silicon Corporation USA. A security vulnerability exists in Silicon Series 2 devices that stems from a DPA countermeasure that is not regularly reseeded, which could lead to key extraction via a DPA attack...
Linux Distros Unpatched Vulnerability : CVE-2014-5270
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it...
CVE-2024-44754
Cryptographic key extraction from internal flash in Minut M2 with firmware version 15142 allows physically proximate attackers to inject modified firmware into any other Minut M2 product via USB...
CVE-2024-44754
Cryptographic key extraction from internal flash in Minut M2 with firmware version 15142 allows physically proximate attackers to inject modified firmware into any other Minut M2 product via USB...
CVE-2024-44754
CVE-2024-44754 affects Minut M2 hardware (firmware version #15142). The issue is described as cryptographic key extraction from the device’s internal flash, enabling physically proximate attackers to inject modified firmware into other Minut M2 units via USB. The reported CVSSv3.1 base metrics in...
CVE-2024-44754
Cryptographic key extraction from internal flash in Minut M2 with firmware version 15142 allows physically proximate attackers to inject modified firmware into any other Minut M2 product via USB...
CVE-2024-44754
Cryptographic key extraction from internal flash in Minut M2 with firmware version 15142 allows physically proximate attackers to inject modified firmware into any other Minut M2 product via USB...
Information Disclosure
Elliptic is vulnerable to Information Disclosure. The vulnerability is due to inadequate input validation in the ECDSA signing process. Specifically, the system accepts malformed inputs like strings or numbers without proper checks, which allows an attacker to craft input that can lead to the...
Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)
Summary Private key can be extracted from ECDSA signature upon signing a malformed input e.g. a string or a number, which could e.g. come from JSON network input Note that elliptic by design accepts hex strings as one of the possible input types Details In this code:...
Information Exposure
Overview org.webjars.npm:elliptic is a Fast elliptic-curve cryptography in a plain javascript implementation. Affected versions of this package are vulnerable to Information Exposure due to the sign function which allows an attacker to extract the private key from an ECDSA signature by signing a...
GHSA-VJH7-7G9H-FJFH Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)
Summary Private key can be extracted from ECDSA signature upon signing a malformed input e.g. a string or a number, which could e.g. come from JSON network input Note that elliptic by design accepts hex strings as one of the possible input types Details In this code:...
CVE-2024-7389
The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make...