Bosch Security Systems IP Cameras NXP Chip Side-Channel Key Extraction (CVE-2021-3011)

Several Bosch IP cameras are built on a hardware platform that uses an NXP SmartMX/P5x secure element affected by an electromagnetic-wave side-channel vulnerability. An attacker with extended physical access to the device could recover the ECDSA private key and clone the device. The issue resides...

Bosch Security Systems IP Cameras Uncontrolled Resource Consumption (CVE-2023-32229)

Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option signing of the video stream with option MD5, SHA-1 or SHA-256. This plugin only works with Tenable.ot...

Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration

The fix for CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName system property, but not when configured through the verifyHostName attribute of the element. Although the verifyHostName configuration attribute was introduced in Log4...

CVE-2025-14547 ECJ-PAKE Integer Underflow Vulnerability in Silicon Labs PSA Crypto and SE Manager APIs

An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service...

PT-2025-45072

Name of the Vulnerable Software and Affected Versions Samsung Secure Element versions prior to SMR Nov-2025 Release 1 Description An out-of-bounds write issue exists in the handling of opcodes within the fingerprint trustlet. This allows a local privileged attacker to write to memory outside of...

EUVD-2015-6544

Malware in sbrugna...

EUVD-2020-4377

Malware in sbrugna...

EUVD-2024-52159

Malicious code in bioql PyPI...

EUVD-2023-36487

Malicious code in bioql PyPI...

EUVD-2023-59891

Malicious code in bioql PyPI...

EUVD-2023-25539

Malicious code in bioql PyPI...

CVE-2023-53298 nfc: fix memory leak of se_io context in nfc_genl_se_io

In the Linux kernel, the following vulnerability has been resolved: nfc: fix memory leak of seio context in nfcgenlseio The callback context for sending/receiving APDUs to/from the selected secure element is allocated inside nfcgenlseio and supposed to be eventually freed in seiocb callback...

CVE-2025-21472

CVE-2025-21472 describes an information-disclosure vulnerability in Qualcomm Secure Element logging: when capturing logs, eSE debug messages are logged, potentially exposing sensitive data. The issue is classified with a Local attack vector, Low attack complexity, and Low privileges required, wit...

CVE-2025-21472 Leftover Debug Code in Secure Element

Information disclosure while capturing logs as eSE debug messages are logged...

CVE-2025-21472 Leftover Debug Code in Secure Element

Information disclosure while capturing logs as eSE debug messages are logged...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets, which stems from the recording of eSE debug messages when capturing logs could lead to information disclosure...

KeyDroid: a Large-Scale Analysis of Secure Key Storage in Android Apps

Most contemporary mobile devices offer hardware-backed storage for cryptographic keys, user data, and other sensitive credentials. Such hardware protects credentials from extraction by an adversary who has compromised the main operating system, such as a malicious third-party app. Since 2011,...

CVE-2024-53832

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V05.30. The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the...

CVE-2023-32229

Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option signing of the video stream with option MD5, SHA-1 or SHA-256...

CVE-2023-21371

In Secure Element, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...