PT-2026-6461

Impact PCR14 is not included in the list of PCRs that seal/unseal the vault key. Additionally, the vault key uses SHA1 PCRs instead of SHA256. Thus an attacker with physical access can take out the disk, use a different computer to modify the files in the /config partition, and re-insert the disk...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via incomplete validation of attestation documents in the attestation verification process. An attacker can cause clients to trust enclaves that do not meet expected integrity guarantees ...

EUVD-2023-48035

Malicious code in bioql PyPI...

CVE-2023-46404

PCRS = 3.11 d0de1e “Questions” page and “Code editor” page are vulnerable to remote code execution RCE by escaping Python sandboxing...

CVE-2023-46404

PCRS = 3.11 d0de1e “Questions” page and “Code editor” page are vulnerable to remote code execution RCE by escaping Python sandboxing...

Remote code execution

PCRS = 3.11 d0de1e “Questions” page and “Code editor” page are vulnerable to remote code execution RCE by escaping Python sandboxing...

CVE-2023-46404

PCRS = 3.11 d0de1e “Questions” page and “Code editor” page are vulnerable to remote code execution RCE by escaping Python sandboxing...

CVE-2023-46404

PCRS = 3.11 d0de1e “Questions” page and “Code editor” page are vulnerable to remote code execution RCE by escaping Python sandboxing...

CVE-2023-46404

PCRS (PHP-based web app for online programming exercises) versions prior to 3.11 (d0de1e) are vulnerable to remote code execution via the "Questions" page and the "Code editor" page. The root cause is escaping Python sandboxing, enabling attacker-controlled code execution. Public advisories consi...

Exploit for Code Injection in Utoronto Pcrs

CVE-2023-46404 PCRShttps://mcs.utm.utoronto.ca/pcrs/pcrs/...

Design/Logic Flaw

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13. I...

CVE-2023-43634

CVE-2023-43634 relates to the EVE project: the config partition is measured for TPM PCRs used to seal/unseal the vault key. A change moved the config partition measurement from PCR 13 to PCR 14, but PCR 14 was not added to the sealing/unsealing list, making PCR 14’s measurement effectively redund...

CVE-2023-43630

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the problem of the config partition not being measured correctly. Also, the “vault” key is...

CVE-2023-43635 Vault Key Sealed With SHA1 PCRs

Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the...

SUSE CVE-2017-16837

Certain function pointers in Trusted Boot tboot through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module TPM by hooking these function pointers...

CVE-2022-0317

The CVE-2022-0317 issue affects go-attestation prior to 0.4.0. A local attacker can craft a malicious Quote with no/some PCRs that makes AKPublic.Verify succeed, then reuse the same PCR set in Eventlog.Verify to spoof TCG log events and defeat remotely-attested measured-boot. Public advisories (G...

GHSA-99CG-575X-774P Go-Attestation Improper Input Validation with attacker-controlled TPM Quote

Impact An improper input validation vulnerability in go-attestation before 0.4.0 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the...

SUSE: Security Advisory (SUSE-SU-2017:3090-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.6 : tboot (EulerOS-SA-2021-1452)

According to the version of the tboot package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Certain function pointers in Trusted Boot tboot through 1.9.6 are not validated and can cause arbitrary code execution, which allows...

EulerOS Virtualization 3.0.6.6 : tboot (EulerOS-SA-2021-1521)

According to the version of the tboot package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Certain function pointers in Trusted Boot tboot through 1.9.6 are not validated and can cause arbitrary code execution, which allows...