6 matches found
CVE-2026-48501
A flaw was found in GitHub CLI. The tool incorrectly includes authorization headers in API requests to TUF repository mirrors when using commands such as gh attestation, gh release verify, and gh release verify-asset. This issue occurs because the shared HTTP client's authentication layer lacks...
starknet-staking_audit1
Markdown https://dev.to/rdin777/starknet-btc-staking-how-to-ext...
EVE Doesn't Measure Config Partition From 2 Fronts
Impact PCR14 is not included in the list of PCRs that seal/unseal the vault key. Additionally, the vault key uses SHA1 PCRs instead of SHA256. Thus an attacker with physical access can take out the disk, use a different computer to modify the files in the /config partition, and re-insert the disk...
Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves
Summary A vulnerability was identified in the evervault-go SDK’s attestation verification logic that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not meet expected integrity guarantees. The exploitability of this issue is...
SUSE-SU-2022:4204-1 Security update for keylime
This update for keylime fixes the following issues: - CVE-2022-3500: Fixed vulnerability where a node seems as attested when in reality it is not properly attested bsc1204782...
The vulnerability of the OpenAttestation agent, related to errors in the implementation of the host attestation process, allows a violator to disclose the protected information.
The vulnerability of the OpenAttestation technology is related to errors in the process of hosting attestation. Exploiting this vulnerability can allow attackers to disclose the protected information...