EUVD-2023-24697

Malicious code in bioql PyPI...

CVE-2023-20518

Incomplete cleanup in the ASP may expose the Master Encryption Key MEK to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality...

CVE-2023-20518

Incomplete cleanup in the ASP may expose the Master Encryption Key MEK to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality...

CVE-2023-20518

CVE-2023-20518 describes an incomplete cleanup in the AMD Secure Processor (ASP) that could expose the Master Encryption Key (MEK) to a privileged attacker with BIOS/UEFI access, leading to potential confidentiality loss. The vulnerability spans ASP, SEV, and SEV-SNP related firmware; exploitatio...

CVE-2023-20518

Incomplete cleanup in the ASP may expose the Master Encryption Key MEK to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality...

PT-2024-11951 · Asp +1 · Asp +1

Name of the Vulnerable Software and Affected Versions: ASP affected versions not specified Description: The issue is related to incomplete cleanup in the ASP, which may expose the Master Encryption Key MEK to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltrati...

AMD Secure Processor和AMD Secure Encrypted Virtualization 安全漏洞

AMD Secure Encrypted Virtualization and AMD Secure Processor ASP are both products of Ultraviolet Semiconductor AMD, Inc.AMD Secure Encrypted Virtualization is a software application. Hardware-accelerated memory encryption to protect data in use.AMD Secure Processor is a standalone ARM Coretex-A5...

Update now! GoAnywhere MFT zero-day patched

An emergency patch 7.1.2 has been released for an actively exploited zero-day vulnerability found in the GoAnywhere MFT administrator console. GoAnywhere MFT, which stands for managed file transfer, is a software solution that allows businesses to manage and exchange files in a secure and complia...

Delinea Thycotic Secret Server Dump

This module exports and decrypts Secret Server credentials to a CSV file; it is intended as a post-exploitation module for Windows hosts with Delinea/Thycotic Secret Server installed. Master Encryption Key MEK and associated IV values are decrypted from encryption.config using a static key baked...

Sharing the Secrets: Pwning an industrial IoT router

I get involved in a lot of IoT and ICS pen tests and found an interesting device on one of them. I didn’t have enough time on the job to go as deep as I wanted, so got PTP to buy a couple to play with. eBay FTW! It’s an Ewon Flexy IoT Router. It’s important to note that local access / public IP...

CVE-2018-3825

In Elastic Cloud Enterprise ECE versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper...

Buffer overflow

SAP Adaptive Server Enterprise ASE 15.7 before SP122 or SP63, 15.5 before ESD5.4, and 15.0.3 before ESD4.4 does not properly restrict access, which allows remote authenticated database users to 1 overwrite the master encryption key or 2 trigger a buffer overflow via a crafted RPC message to the...