18 matches found
EUVD-2018-3950
Malware in sbrugna...
EUVD-2022-27223
Malicious code in bioql PyPI...
CVE-2019-0120
Insufficient key protection vulnerability in silicon reference firmware for Intel® Pentium® Processor J Series, Intel® Pentium® Processor N Series, Intel® Celeron® J Series, Intel® Celeron® N Series, Intel® Atom® Processor A Series, Intel® Atom® Processor E3900 Series, Intel® Pentium® Processor...
CVE-2023-43635
Vault Key Sealed With SHA1 PCRs: The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the...
K29002929: INTEL-SA-00223 - Intel Unified Extensible Firmware Interface CVE-2019-0120
Security Advisory Description: Insufficient key protection vulnerability in silicon reference firmware for Intel® Pentium® Processor J Series, Intel® Pentium® Processor N Series, Intel® Celeron® J Series, Intel® Celeron® N Series, Intel® Atom® Processor A Series, Intel® Atom® Processor E3900 Serie...
CVE-2022-38465
A vulnerability has been identified in SIMATIC Drive Controller family All versions V2.9.2, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions V21.9, SIMATIC S7-1200 CPU family incl...
CVE-2022-22069
CVE-2022-22069 affects Qualcomm Snapdragon devices when keyprotect is disabled. The issue: unencrypted keybox stored in RPMB, enabling a cryptographic issue across Snapdragon Auto, Compute, Connectivity, Industrial IOT, Mobile, and Wearables. Root cause: keyprotect-off condition allows RPMB keybo...
CVE-2022-32556
CVE-2022-32556 affects Couchbase Server before 7.0.4. During certain crashes, a private key is leaked to log files, exposing sensitive material and potentially impacting confidentiality. CVSSv3.1 base score is 7.5 (HIGH). The provided materials identify affected product/version and the root cause...
CVE-2021-34588
The CVE-2021-34588 issue affects Bender ebee Charge Controllers (CC612/CC613 series, ICC15xx/ICC16xx). It arises from an unprotected data export where the backup export is protected by a random key that is set at user login and becomes empty after reboot, enabling credential checks bypass and pri...
CVE-2021-29950
Summary: CVE-2021-29950 affects Mozilla Thunderbird prior to 78.8.1. The issue occurs when OpenPGP keys are unprotected in memory before decryption, signing, or import tasks; if the task fails, the secret key may remain in memory in an unprotected state. Impact (as described): Potential exposure ...
[ASA-202105-29] thunderbird: multiple issues
Arch Linux Security Advisory ASA-202105-29. Severity: Low; Date: 2021-05-25; CVE-ID: CVE-2021-29956, CVE-2021-29957; Package: thunderbird; Type: multiple issues; Remote: Yes; Link: https://security.archlinux.org/AVG-1964. Summary: The package...
CVE-2020-8152
CVE-2020-8152 affects Nextcloud Server 19.0.1 where server-side encryption keys are not adequately protected, enabling an attacker to replace the public key and later decrypt data. The vulnerability is described in Nextcloud advisory NC-SA-2020-040 and related disclosures; the issue concerns impr...
CVE-2019-0120
Insufficient key protection vulnerability in silicon reference firmware for Intel® Pentium® Processor J Series, Intel® Pentium® Processor N Series, Intel® Celeron® J Series, Intel® Celeron® N Series, Intel® Atom® Processor A Series, Intel® Atom® Processor E3900 Series, Intel® Pentium® Processor...
Design/Logic Flaw
Insufficient key protection vulnerability in silicon reference firmware for Intel® Pentium® Processor J Series, Intel® Pentium® Processor N Series, Intel® Celeron® J Series, Intel® Celeron® N Series, Intel® Atom® Processor A Series, Intel® Atom® Processor E3900 Series, Intel® Pentium® Processor...
CVE-2019-0120
CVE-2019-0120 describes an Insufficient key protection vulnerability in silicon reference firmware for Intel® processors (J/N series, Celeron, Atom A/E3900, and Pentium Silver). The root cause is inadequate protection of keys within the silicon reference firmware, potentially allowing a privilege...
Expanding Use of PKI in Variety of Devices Holds Challenges
LAS VEGAS–One of the longest running jokes in the security industry is that each coming year finally will be The Year of PKI. While that one huge year never materialized, the use of PKI and digital certificates has become an integral part of how the Internet works today. But there are some...
Jeremy Rowley on the Facebook Tor Cert & the Future of PKI
Dennis Fisher talks with Jeremy Rowley of DigiCert about the company’s decision to issue a certificate for Facebook’s .onion site, the challenge of key protection in today’s environment and what the near future holds for PKI. Download: digitalunderground170.mp3 Music by Chris Gonsalves...
Three problems in OpenSSH's ssh-keysign
This is being posted to bugtraq in the interest of full disclosure. Originally sent to [email protected]. There are 3 problems we observed by inspection of OpenSSH's ssh-keysign: 1 Charles Hannum Since no blinding is done on the RSA calculations, ssh-keysign is effectively a fairly efficient...