Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Snyk
Snykadded 2026/02/04 8:43 p.m.3 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to the use of SHA1 PCRs when sealing and unsealing the vault key. An attacker can bypass integrity checks and modify configuration files undetected by measured boot and remote attestation by...

8.8CVSS8AI score0.00011EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/02/04 12:0 a.m.2 views

PT-2026-6495

Impact Config partition measurement was moved from PCR 13 to PCR 14 in a commit, but PCR 14 was not added to the list of PCRs that seal/unseal the vault key. As a result, an attacker can remove the disk, use another server to modify the files in the config partition, and then re-insert the disk...

8.8CVSS5.4AI score0.0003EPSS
Exploits0References6
OSV
OSVadded 2024/11/19 2:16 a.m.1 views

UBUNTU-CVE-2024-50281

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation When sealing or unsealing a key blob we currently do not wait for the AEAD cipher operation to finish and simply return after submitting the request. If there is...

5.5CVSS6AI score0.00033EPSS
Exploits0References8
OSV
OSVadded 2023/09/21 3:30 p.m.2 views

GHSA-3WMX-9QWP-H363 Duplicate Advisory: EVE Doesn't Protect Config Partition with Measured Boot

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wc42-fcjp-v8vq. This link is maintained to preserve external references. Original Description When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous...

8.8CVSS5.5AI score0.0003EPSS
Exploits0References3
NVD
NVDadded 2023/09/21 2:15 p.m.11 views

CVE-2023-43634

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13. I...

8.8CVSS8.6AI score0.0003EPSS
Exploits0References1
Github Security Blog
Github Security Blogadded 2023/09/20 3:30 p.m.2 views

Duplicate Advisory: EVE Seals Vault Key With SHA1 PCRs

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wc42-fcjp-v8vq. This link is maintained to preserve external references. Original Description Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism...

8.8CVSS5.5AI score0.00014EPSS
Exploits0References4Affected Software1
OSV
OSVadded 2023/09/20 3:15 p.m.2 views

CVE-2023-43635

Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the...

8.8CVSS5.7AI score0.00014EPSS
Exploits0References1
Cvelist
Cvelistadded 2023/09/20 2:58 p.m.29 views

CVE-2023-43635 Vault Key Sealed With SHA1 PCRs

Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the...

8.8CVSS8.8AI score0.00014EPSS
Exploits0References1
Rows per page
Query Builder