EUVD-2022-15675

Malicious code in bioql PyPI...

CVE-2024-49504 grub2 allows bypassing TPM-bound disk encryption on SL(E)M encrypted Images

grub2 allowed attackers with access to the grub shell to access files on the encrypted disks...

CVE-2024-49504 grub2 allows bypassing TPM-bound disk encryption on SL(E)M encrypted Images

grub2 allowed attackers with access to the grub shell to access files on the encrypted disks...

CVE-2022-0553

There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily...

Code injection

There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily...

CVE-2022-0553

CVE-2022-0553 concerns Zephyr RTOS: a missing check on whether slot 0 is uploaded from the device to the host allows retrieval of unencrypted firmware when encrypted images are used. The root cause is the upload check omission, enabling potential exposure of firmware. Impact is stated as high con...

USN-5776-1 containerd vulnerabilities

It was discovered that containerd incorrectly handled memory when receiving certain faulty Exec or ExecSync commands. A remote attacker could possibly use this issue to cause a denial of service or crash containerd. CVE-2022-23471, CVE-2022-31030 It was discovered that containerd incorrectly set ...

Design/Logic Flaw

The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function CheckAuthorization is supposed to check whether the current used is...

CVE-2022-24778

The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function CheckAuthorization is supposed to check whether the current used is...

CVE-2022-24778 Incorrect Authorization in imgcrypt

The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function CheckAuthorization is supposed to check whether the current used is...

cryptsetup: Out-of-bounds write when validating segments

A flaw was found in the way cryptsetup parses encrypted images with invalid segments. This flaw allows a local attacker to crash an application compiled with cryptsetup, or in some cases, cause arbitrary code execution when parsing specially crafted encrypted images. The highest threat from this...

cryptsetup: Out-of-bounds write when validating segments

A flaw was found in the way cryptsetup parses encrypted images with invalid segments. This flaw allows a local attacker to crash an application compiled with cryptsetup, or in some cases, cause arbitrary code execution when parsing specially crafted encrypted images. The highest threat from this...

CVE-2020-14382

A flaw was found in the way cryptsetup parses encrypted images with invalid segments. This flaw allows a local attacker to crash an application compiled with cryptsetup, or in some cases, cause arbitrary code execution when parsing specially crafted encrypted images. The highest threat from this...

Want lunch? Palm it over

Fed up with using swipe cards and PINs for their students’ lunch payments, a school board district in Clearwater, Fla. recently partnered with microelectronic company Fujitsu to use palm vein readers for nearly half of their 102,000 students. Pinellas County School Board District spent $120,000 t...