CVE-2026-22696

dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...

CVE-2026-22696

CVE-2026-22696 concerns the dcap-qvl library used for SGX/TDX quote verification. The issue is a gap in cryptographic verification where QE Identity collateral is fetched from PCCS but the QE Identity signature is not verified against its certificate chain, and QE Report policy checks are not enf...

CVE-2026-22696 dcap-qvl has Missing Verification for QE Identity

dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...

nearai-cloud-verifier (=0.0.1-alpha.1) potentially affected by CVE-2026-22696 via @phala/dcap-qvl-node (=0.3.3)

@phala/dcap-qvl-node NPM version =0.3.3 is affected by a known vulnerability. The following packages have a transitive dependency on @phala/dcap-qvl-node and may be impacted: - nearai-cloud-verifier =0.0.1-alpha.1 Source cves: CVE-2026-22696 Source advisory: OSV:GHSA-796P-J2GH-9M2Q...

GHSA-796P-J2GH-9M2Q dcap-qvl has Missing Verification for QE Identity

Impact This vulnerability involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity, qeidentitysignature, and qeidentityissuerchain from the PCCS. However, it skips to verify the QE Identity signature...

PT-2026-4820

dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qe identity,...

EUVD-2020-29614

Malware in sbrugna...

EUVD-2023-31021

Malicious code in bioql PyPI...

EUVD-2023-47208

Malicious code in bioql PyPI...

CVE-2023-42776

Improper input validation in some IntelR SGX DCAP software for Windows before version 1.19.100.3 may allow an authenticateed user to potentially enable information disclosure via local access...

CVE-2020-8766

Improper conditions check in the IntelR SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access...

Input validation

Improper input validation in some IntelR SGX DCAP software for Windows before version 1.19.100.3 may allow an authenticateed user to potentially enable information disclosure via local access...

CVE-2023-42776

CVE-2023-42776 affects Intel® SGX DCAP software for Windows prior to version 1.19.100.3. The issue is improper input validation, potentially allowing an authenticated local user to disclose information. Intel recommends updating to 1.19.100.3 or later to remediate. Connected sources (Intel adviso...

CVE-2023-42776

Improper input validation in some IntelR SGX DCAP software for Windows before version 1.19.100.3 may allow an authenticateed user to potentially enable information disclosure via local access...

PT-2024-1910 · Intel · Intel Sgx Dcap

Name of the Vulnerable Software and Affected Versions: IntelR SGX DCAP software for Windows versions prior to 1.19.100.3 Description: The issue is related to insufficient input validation in the Intel SGX DCAP software, which may allow an authenticated user to potentially enable information...

Intel® SGX DCAP Software Advisory

Summary: A potential security vulnerability in some Intel® Software Guard Extensions SGX Data Center Attestation Primitives DCAP software may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-42776...

The vulnerability of the Makves DCAP software lies in its lack of access control mechanisms, allowing attackers to bypass existing security restrictions.

The vulnerability of the Makves DCAP software is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...

CVE-2023-27243

An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API...

CVE-2023-27243

An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API...

CVE-2023-27243

An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API...