9 matches found
CVE-2025-68113
ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to...
CVE-2020-15107
In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. By violating the Linux System V Application Binary Interface ABI for such operations, a host app can compromise the execution integrity of some x87 FPU operations in an...
CVE-2023-37479 Improper sanitization of MXCSR and RFLAGS in OpenEnclave
Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the MXCSR register ...
CVE-2020-15224 Socket syscalls can leak enclave memory contents in Open Enclave
In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the...
CVE-2020-15107
In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. By violating the Linux System V Application Binary Interface ABI for such operations, a host app can compromise the execution integrity of some x87 FPU operations in an...
CVE-2020-15107
In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. By violating the Linux System V Application Binary Interface ABI for such operations, a host app can compromise the execution integrity of some x87 FPU operations in an...
Design/Logic Flaw
In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. By violating the Linux System V Application Binary Interface ABI for such operations, a host app can compromise the execution integrity of some x87 FPU operations in an...
CVE-2020-15107 x87 FPU operations in enclaves are vulnerable to ABI poisoning in openenclave
In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. By violating the Linux System V Application Binary Interface ABI for such operations, a host app can compromise the execution integrity of some x87 FPU operations in an...
Microsoft MFC FindFile function heap buffer overflow
Overview A buffer overflow vulnerability in the Microsoft Foundation Class MFC Library could allow an attacker to execute arbitrary code on an affected system. Description The Microsoft Foundation Class MFC Library is a Microsoft library that wraps parts of the Windows API in C++ classes. The MFC...