
1401 matches found

The Hacker News
added 2024/01/08 11:39 a.m. · 33 views

Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy

Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute1, "only 59% of organizations say their cybersecurity strategy has changed over the past two years." This stagnation in strategy adaptation can be traced back to several key...

7 AI score
Exploits 0
OSV
added 2023/12/30 3:15 a.m. · 3 views

CVE-2023-38021

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclaveecall function and system call...

5.5 CVSS · 5.8 AI score · 0.00206 EPSS
Exploits 0 · References 5
ATTACKERKB
added 2023/12/30 3:15 a.m. · 2 views

CVE-2023-38023

An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in sconedispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC Leak."...

5.5 CVSS · 6.1 AI score · 0.00223 EPSS
Exploits 0 · References 8
OSV
added 2023/12/30 3:15 a.m. · 2 views

CVE-2023-38023

An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in sconedispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC Leak."...

5.5 CVSS · 5.8 AI score · 0.00223 EPSS
Exploits 0 · References 7
NVD
added 2023/12/30 3:15 a.m. · 15 views

CVE-2023-38021

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclaveecall function and system call...

5.5 CVSS · 0.00206 EPSS
Exploits 0 · References 5
ATTACKERKB
added 2023/12/30 3:15 a.m. · 3 views

CVE-2023-38021

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclaveecall function and system call...

5.5 CVSS · 6.1 AI score · 0.00206 EPSS
Exploits 0 · References 6
Prion
added 2023/12/30 3:15 a.m. · 21 views

Design/Logic Flaw

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclaveecall function and system call...

1.7 CVSS · 6.9 AI score · 0.00206 EPSS
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2023/12/30 12:0 a.m. · 19 views

CVE-2023-38021

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclaveecall function and system call...

5.6 AI score · 0.00206 EPSS
Exploits 0 · References 5
CNNVD
added 2023/12/30 12:0 a.m. · 2 views

SCONE Confidential Computing Platform Security Vulnerability

SCONE Confidential Computing Platform is an open source platform for implementing confidential computing from SCONE, Germany. A security vulnerability exists in SCONE Confidential Computing Platform versions prior to 5.8.0, which stems from a lack of pointer alignment logic in functions such as...

5.5 CVSS · 6.7 AI score · 0.00223 EPSS
Exploits 0 · References 8
Vulnrichment
added 2023/12/30 12:0 a.m. · 11 views

CVE-2023-38023

An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in sconedispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC Leak."...

6.7 AI score · 0.00223 EPSS
Exploits 0 · References 7
CNNVD
added 2023/12/30 12:0 a.m. · 4 views

Fortanix EnclaveOS Confidential Computing Manager Platform Security Vulnerability

Fortanix EnclaveOS Confidential Computing Manager Platform is a cloud-native service from Fortanix, Inc. that provides a complete solution for confidential computing in the cloud and in local workloads. A security vulnerability exists in Fortanix EnclaveOS Confidential Computing Manager Platform...

5.5 CVSS · 6.4 AI score · 0.00206 EPSS
Exploits 0 · References 6
Positive Technologies
added 2023/12/29 12:0 a.m. · 5 views

PT-2023-26250 · Intel · Intel Sgx

Name of the Vulnerable Software and Affected Versions: SCONE Confidential Computing Platform versions prior to 5.8.0 Description: An issue was discovered in the SCONE Confidential Computing Platform, where the lack of pointer-alignment logic in scone dispatch and other entry functions allows a...

5.5 CVSS · 5.4 AI score · 0.00223 EPSS
Exploits 0 · References 13
Positive Technologies
added 2023/12/29 12:0 a.m. · 4 views

PT-2023-26248 · Fortanix +1 · Fortanix Enclaveos Confidential Computing Manager (Ccm) Platform +1

Name of the Vulnerable Software and Affected Versions: Fortanix EnclaveOS Confidential Computing Manager CCM Platform versions prior to 3.32 for Intel SGX Description: An issue was discovered in the Fortanix EnclaveOS Confidential Computing Manager CCM Platform, which relates to a lack of...

5.5 CVSS · 5.4 AI score · 0.00206 EPSS
Exploits 0 · References 11
OSV
added 2023/12/21 6:14 p.m. · 14 views

GHSA-R24F-HG58-VFRW unsafe-libyaml unaligned write of u64 on 32-bit and 16-bit platforms

Affected versions allocate memory using the alignment of usize and write data to it of type u64, without using core::ptr::write_unaligned. In platforms with sub-64bit alignment for usize (including wasm32 and x86) these writes are insufficiently aligned some of the time. If using an ordinary optimiz...

7 AI score
Exploits 0 · References 4
OSV
added 2023/12/20 12:0 p.m. · 9 views

RUSTSEC-2023-0075 Unaligned write of u64 on 32-bit and 16-bit platforms

Affected versions allocate memory using the alignment of usize and write data to it of type u64, without using core::ptr::write_unaligned. In platforms with sub-64bit alignment for usize (including wasm32 and x86) these writes are insufficiently aligned some of the time. If using an ordinary optimiz...

7.1 AI score
Exploits 0 · References 3
RustSec
added 2023/12/20 12:0 p.m. · 2 views

Unaligned write of u64 on 32-bit and 16-bit platforms

Affected versions allocate memory using the alignment of usize and write data to it of type u64, without using core::ptr::write_unaligned. In platforms with sub-64bit alignment for usize (including wasm32 and x86) these writes are insufficiently aligned some of the time. If using an ordinary optimiz...

7.1 AI score
Exploits 0 · Affected Software 1
Positive Technologies
added 2023/12/14 12:0 a.m. · 4 views

PT-2023-9555 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the Linux kernel's mhi component, where an unaligned read pointer in the event ring could lead to multiple issues like Denial of Service (DoS) or ring buffer memo...

9.1 CVSS · 6.8 AI score · 0.78388 EPSS
Exploits 8 · References 1887
RedHat Linux
added 2023/12/12 5:33 p.m. · 2 views

kernel: x86/sev: Make enc_dec_hypercall() accept a size instead of npages

In the Linux kernel, the following vulnerability has been resolved: x86/sev: Make enc_dec_hypercall() accept a size instead of npages. enc_dec_hypercall() accepted a page count instead of a size, which forced its callers to round up. As a result, non-page aligned vaddrs caused pages to be spuriously marke...

5.6 AI score · 0.00112 EPSS
Exploits 0 · References 5
Code423n4
added 2023/11/17 12:0 a.m. · 7 views

Incorrect fee splitting logic

Lines of code Vulnerability details Impact The fee splitting logic does not properly attribute holder and creator rewards. By splitting fees from the total rather than incrementally, it distorts the proportional rewards earned over time. This could undermine the incentive structures and alignment...

7 AI score
Exploits 0
RedHat Linux
added 2023/11/15 5:46 p.m. · 1 views

kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()

An out-of-bounds (OOB) memory access flaw was found in the Netfilter module in the Linux kernel's nft_byteorder_eval() in net/netfilter/nft_byteorder.c. A bound check failure allows a local attacker with CAP_NET_ADMIN access to cause a local privilege escalation issue due to incorrect data alignment...

7.8 CVSS · 6.6 AI score · 0.02154 EPSS
Exploits 2 · References 6