258 matches found
CVE-2023-51392
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks...
Hardcoded credentials
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks...
CVE-2023-51392 Silicon Labs EFR32xxx parts with classic key storage do not use hardware accelerated AES-CCM
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks...
CVE-2023-51392
Summary: CVE-2023-51392 affects Silicon Labs EmberZNet v7.2.0–v7.4.0 where software AES-CCM is used instead of hardware-accelerated cryptography, potentially enabling side-channel risks (electromagnetic and differential power analysis). The connected sources specify Ember ZNet and related advisor...
CVE-2023-51392 Silicon Labs EFR32xxx parts with classic key storage do not use hardware accelerated AES-CCM
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks...
CVE-2021-42144
Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers obtain sensitive information via crafted input to dtlsccmdecryptmessage...
Oracle Linux 9 : openssl (ELSA-2024-0310)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0310 advisory. - AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries CVE-2023-2975 Resolves: RHEL-5302 - Excessive time spent...
CVE-2023-38022
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgxiswithinuser...
CVE-2023-38022
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgxiswithinuser...
Null pointer dereference
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgxiswithinuser...
Design/Logic Flaw
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclaveecall function and system call...
CVE-2023-38021
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclaveecall function and system call...
CVE-2023-38022
Fortanix EnclaveOS CCM Platform (Intel SGX) before 3.29 is affected by insufficient pointer validation in the strlen/sgx_is_within_user logic, enabling a local attacker with low privileges to access unauthorized information. Impact: confidentiality only (high). Exploitation details not fully desc...
CVE-2023-38022
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgxiswithinuser...
CVE-2023-38021
CVE-2023-38021 relates to Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform prior to 3.32 for Intel SGX. A lack of pointer-alignment validation in enclave_ecall entry functions enables a local attacker to access unauthorized information via the system call layer. Impact is describe...
MAL-2023-8668 Malicious code in @saas-mf/ccm (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4491a282ac34d4b4d1727c2376452a4566fb2a48fc548c5a86ef03a62902d9d0 The OpenSSF Package Analysis project identified '@saas-mf/ccm' @ 25.0.9 npm as malicious. It is considered malicious because: - The package...
CVE-2023-5363
Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...
AZL-78558 CVE-2023-5363 affecting package openssl-fips-provider 3.1.2-1
Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...
AZL-42751 CVE-2023-5363 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...
Design/Logic Flaw
Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...