11 matches found
CVE-2025-7432
CVE-2025-7432 concerns Silicon Labs’ Series 2 devices where DPA countermeasures are not reseeded under certain conditions. The vulnerability could enable an attacker to eventually extract secret keys via a differential power analysis (DPA) attack. The provided metrics indicate a low base score (C...
EUVD-2023-27860
Malicious code in bioql PyPI...
CVE-2024-45678
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...
CVE-2024-9055 DPA Countermeasures need reseeding
The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack...
Security Bulletin: A Security Vulnerability was discovered in IBM Security Verify Access (CVE-2024-45678)
Summary A Security Vulnerability was addressed in IBM Security Verify Access regarding Yubico Yubikey 5 Series. Vulnerability Details CVEID:CVE-2024-45678 DESCRIPTION: Yubico YubiKey 5 Series, Security Key Series and YubiHSM 2 could allow a physical attacker to obtain sensitive information, cause...
CVE-2024-45678
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...
CVE-2024-45678
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...
CVE-2024-45678
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...
Design/Logic Flaw
Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent impla...
CVE-2023-23773
Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent impla...
libgcrypt: secret key extraction
A vulnerability was found in a way the ECDH encryption algorithm decrypts data. An attacker with a specialized setup can extract the secret decryption key from a target located in an adjacent room within seconds. This is done by measuring the target's electromagnetic emanations...