Lucene search
+L

132 matches found

NVD
NVD
added 2024/08/13 5:15 p.m.9 views

CVE-2021-26387

Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity...

3.9CVSS0.00146EPSS
Exploits0References2
CVE
CVE
added 2024/08/13 4:50 p.m.50 views

CVE-2021-46746

CVE-2021-46746 : The AMD ASP/TEE stack protection gap allows a privileged attacker with access to AMD signing keys to corrupt the return address via a stack-based buffer overrun, potentially causing a denial of service. This aligns with AMD’s CVE entry (base score 5.2, local access, high attack c...

5.2CVSS7.2AI score0.00154EPSS
Exploits0References1
CVE
CVE
added 2024/08/13 4:50 p.m.44 views

CVE-2021-26387

CVE-2021-26387 describes insufficient access controls in the AMD ASP kernel that could allow a privileged attacker with access to AMD signing keys and BIOS/UEFI shell to map DRAM regions into protected areas, risking platform integrity. Public documents indicate this CVE is tracked within AMD sec...

3.9CVSS7AI score0.00146EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/13 4:50 p.m.10 views

CVE-2021-26387

Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity...

3.9CVSS6.7AI score0.00146EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/13 4:50 p.m.17 views

CVE-2021-26387

Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity...

3.9CVSS0.00146EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/04/01 3:30 a.m.60 views

Withdrawn: JJWT improperly generates signing keys

Withdrawn Advisory This advisory has been withdrawn because it has been found to be disputed. Please see the issue here for more information. Original Description JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The...

6.8CVSS6.6AI score0.00776EPSS
Exploits0References7Affected Software1
RedHat Linux
RedHat Linux
added 2024/03/25 6:35 p.m.5 views

OpenJDK: logging of digital signature private keys (8316976)

Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks o...

4.7CVSS7.2AI score0.00411EPSS
Exploits0References5
OSV
OSV
added 2024/03/06 10:53 a.m.19 views

BIT-GRADLE-2021-41588

In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys...

8.1CVSS8.1AI score0.0077EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/01/17 5:57 p.m.4 views

OpenJDK: logging of digital signature private keys (8316976)

Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks o...

4.7CVSS7.3AI score0.00411EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/01/17 2:15 p.m.6 views

OpenJDK: logging of digital signature private keys (8316976)

Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks o...

4.7CVSS7.3AI score0.00411EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/01/17 9:7 a.m.6 views

OpenJDK: logging of digital signature private keys (8316976)

Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks o...

4.7CVSS7.3AI score0.00411EPSS
Exploits0References5
Fedora
Fedora
added 2023/12/06 1:47 a.m.15 views

[SECURITY] Fedora 38 Update: keyring-ima-signer-0.1.0-11.fc38

The IMA Integrity Measurement Architecture is a key component of the Linux integrity subsystem designed to ensure integrity, authenticity, and confidentiality of systems including hardware root of trusts TPM. This tool allows signing of files in userspace, inclusding options of including the...

7AI score
Exploits0
Fedora
Fedora
added 2023/12/06 1:40 a.m.13 views

[SECURITY] Fedora 39 Update: keyring-ima-signer-0.1.0-11.fc39

The IMA Integrity Measurement Architecture is a key component of the Linux integrity subsystem designed to ensure integrity, authenticity, and confidentiality of systems including hardware root of trusts TPM. This tool allows signing of files in userspace, inclusding options of including the...

7AI score
Exploits0
NCSC
NCSC
added 2023/05/10 12:0 a.m.7 views

Firmware and Intel Boot Guard keys leaked in ransomware attack on MSI

In late March, hardware manufacturer MSI was hit by a ransomware attack. As a result of this ransomware attack, private keys were according to security firm Binarly, private keys were leaked that are used to digitally sign firmware for motherboards. Also compromised were private keys used by Inte...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/08 3:23 p.m.32 views

MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web

The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company's private code signing keys on their dark website. "Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem," Alex Matrosov, founder and CEO of firmware security...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/08 3:23 p.m.3 views

MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web

The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company's private code signing keys on their dark website. "Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem," Alex Matrosov, founder and CEO of firmware security...

6.8AI score
Exploits0
Kitploit
Kitploit
added 2023/04/30 12:30 p.m.27 views

Sh4D0Wup - Signing-key Abuse And Update Exploitation Framework

Signing-key abuse and update exploitation framework. % docker run -it --rm ghcr.io/kpcyrd/sh4d0wup:edge -h Usage: sh4d0wup OPTIONS Commands: bait Start a malicious update server front Bind a http/https server but forward everything unmodified infect High level tampering, inject additional command...

7.3AI score
Exploits0References9
OSV
OSV
added 2023/01/05 10:15 p.m.6 views

CVE-2022-3927

The affected products store both public and private key that are used to sign and protect Custom Parameter Set CPS file from modification. An attacker that manages to exploit this vulnerability will be able to change the CPS file, sign it so that it is trusted as the legitimate CPS file. This iss...

9.8CVSS5.8AI score0.00569EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/05 12:0 a.m.5 views

Hitachi FOXMAN-UN 信任管理问题漏洞

Hitachi FOXMAN-UN is a powerful toolset for a comprehensive NMS suite from Hitachi, Japan. A security vulnerability exists in Hitachi FOXMAN-UN, which stems from the fact that it contains public and private keys used to sign and protect Custom Parameter Sets CPS files from modification, allowing ...

9.8CVSS8.3AI score0.00569EPSS
Exploits0References4
Schneier on Security
Schneier on Security
added 2022/12/08 12:8 p.m.24 views

Leaked Signing Keys Are Being Used to Sign Malware

A bunch of Android OEM signing keys have been leaked or stolen, and they are actively being used to sign malware. Łukasz Siewierski, a member of Googles Android Security Team, has a post on the Android Partner Vulnerability Initiative AVPI issue tracker detailing leaked platform certificate keys...

0.9AI score
Exploits0
Rows per page
Query Builder