Lucene search
K

258 matches found

NVD
NVD
added 2024/02/23 5:15 p.m.13 views

CVE-2023-51392

Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks...

9.8CVSS6.4AI score0.00244EPSS
Exploits0References1
Prion
Prion
added 2024/02/23 5:15 p.m.15 views

Hardcoded credentials

Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks...

2.1CVSS7.4AI score0.00244EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/23 4:12 p.m.16 views

CVE-2023-51392 Silicon Labs EFR32xxx parts with classic key storage do not use hardware accelerated AES-CCM

Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks...

6.2CVSS6.6AI score0.00244EPSS
Exploits0References1
CVE
CVE
added 2024/02/23 4:12 p.m.82 views

CVE-2023-51392

Summary: CVE-2023-51392 affects Silicon Labs EmberZNet v7.2.0–v7.4.0 where software AES-CCM is used instead of hardware-accelerated cryptography, potentially enabling side-channel risks (electromagnetic and differential power analysis). The connected sources specify Ember ZNet and related advisor...

9.8CVSS6.4AI score0.00244EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/23 4:12 p.m.15 views

CVE-2023-51392 Silicon Labs EFR32xxx parts with classic key storage do not use hardware accelerated AES-CCM

Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks...

6.2CVSS7.2AI score0.00244EPSS
Exploits0References1
OSV
OSV
added 2024/01/24 6:15 p.m.4 views

CVE-2021-42144

Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers obtain sensitive information via crafted input to dtlsccmdecryptmessage...

9.8CVSS5.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/01/23 12:0 a.m.44 views

Oracle Linux 9 : openssl (ELSA-2024-0310)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0310 advisory. - AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries CVE-2023-2975 Resolves: RHEL-5302 - Excessive time spent...

7.5CVSS6.5AI score0.05533EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/12/30 3:15 a.m.4 views

CVE-2023-38022

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgxiswithinuser...

5.5CVSS6.1AI score0.00169EPSS
Exploits0References3
OSV
OSV
added 2023/12/30 3:15 a.m.4 views

CVE-2023-38022

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgxiswithinuser...

5.5CVSS5.8AI score0.00169EPSS
Exploits0References2
Prion
Prion
added 2023/12/30 3:15 a.m.18 views

Null pointer dereference

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgxiswithinuser...

1.7CVSS6.9AI score0.00169EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/12/30 3:15 a.m.23 views

Design/Logic Flaw

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclaveecall function and system call...

1.7CVSS6.9AI score0.00206EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2023/12/30 12:0 a.m.45 views

CVE-2023-38021

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclaveecall function and system call...

5.6AI score0.00206EPSS
Exploits0References5
CVE
CVE
added 2023/12/30 12:0 a.m.62 views

CVE-2023-38022

Fortanix EnclaveOS CCM Platform (Intel SGX) before 3.29 is affected by insufficient pointer validation in the strlen/sgx_is_within_user logic, enabling a local attacker with low privileges to access unauthorized information. Impact: confidentiality only (high). Exploitation details not fully desc...

5.5CVSS5.3AI score0.00169EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/12/30 12:0 a.m.15 views

CVE-2023-38022

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgxiswithinuser...

6.6AI score0.00169EPSS
Exploits0References2
CVE
CVE
added 2023/12/30 12:0 a.m.61 views

CVE-2023-38021

CVE-2023-38021 relates to Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform prior to 3.32 for Intel SGX. A lack of pointer-alignment validation in enclave_ecall entry functions enables a local attacker to access unauthorized information via the system call layer. Impact is describe...

5.5CVSS5.3AI score0.00206EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/12/06 4:44 p.m.9 views

MAL-2023-8668 Malicious code in @saas-mf/ccm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4491a282ac34d4b4d1727c2376452a4566fb2a48fc548c5a86ef03a62902d9d0 The OpenSSF Package Analysis project identified '@saas-mf/ccm' @ 25.0.9 npm as malicious. It is considered malicious because: - The package...

7.3AI score
Exploits0
NVD
NVD
added 2023/10/25 6:17 p.m.42 views

CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

7.5CVSS7.4AI score0.03332EPSS
Exploits0References14
OSV
OSV
added 2023/10/25 6:17 p.m.5 views

AZL-78558 CVE-2023-5363 affecting package openssl-fips-provider 3.1.2-1

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

7.5CVSS6.5AI score0.03332EPSS
Exploits0References1
OSV
OSV
added 2023/10/25 6:17 p.m.4 views

AZL-42751 CVE-2023-5363 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

7.5CVSS6.5AI score0.03332EPSS
Exploits0References1
Prion
Prion
added 2023/10/25 6:17 p.m.84 views

Design/Logic Flaw

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

5CVSS7.2AI score0.03332EPSS
Exploits0References8Affected Software2
Rows per page
Query Builder