18 matches found
PUB-A-400838288
In multiple locations, there is a possible bypass between two Java Card Applets due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2021-30327
Malicious code in bioql PyPI...
EUVD-2021-30328
Malicious code in bioql PyPI...
Kigen eUICC Type Confusion
Security Explorations has broken the security of Kigen eUICC card with GSMA consumer certificates installed into it. The eUICC card makes it possible to install the so called eSIM profiles into target chip. eSIM profiles are software representations of mobile subscriptions. For many years such...
CVE-2021-43393
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed...
PUB-A-319068397
Bulletin has no description...
de.fac2 安全漏洞
de.fac2 is a Javacard applet that implements the Fido U2F token from Bundesamt für Sicherheit in der Informationstechnik in Germany. A security vulnerability exists in de.fac2 version 1.34, which originates from bypassing user protection mechanisms in the presence of malware on the victim's...
CVE-2021-43393
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed...
CVE-2021-43393
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed...
CVE-2021-43392
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE...
CVE-2021-43392
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE...
Code injection
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE...
Code injection
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed...
CVE-2021-43392
CVE-2021-43392 affects STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN, exposing information about cryptographic secrets via the ECDSA signature algorithm on the Java Card 3.0.4 API. The issue is exploitable for STSAFE-J in closed configurations and for J-SIGN when signature verifica...
CVE-2021-43392
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE...
CVE-2021-43393
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed...
CVE-2021-43393
CVE-2021-43393 affects STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN, due to how ECDSA verification is exposed via the Java Card API (3.0.4). The issue allows abuse of signature verification and is exploitable for STSAFE-J in closed configurations and J-SIGN when verification is ac...
STMicroelectronics STSAFE-J 数据伪造问题漏洞
The STMicroelectronics STSAFE-J is a highly secure solution from STMicroelectronics Switzerland. It acts as a security element by providing authentication, data management and encryption services to local or remote hosts. A data forgery issue vulnerability exists in the STMicroelectronics STSAFE-...