
7 matches found

SUSE CVE
added 2026/04/14 11:25 p.m. | 11 views

SUSE CVE-2026-40097

Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key (AK) certificate with an empty Extended Key Usage (EKU) extension...

CVSS 3.7 | AI score 5.9 | EPSS 0.00181
Exploits 0 | References 3
EUVD
added 2026/04/10 8:18 p.m. | 2 views

EUVD-2026-21506

Step CA affected by an index out of bounds panic in TPM attestation EKU validation...

CVSS 3.7 | AI score 5.8 | EPSS 0.00181
Exploits 0 | References 5
Github Security Blog
added 2026/04/10 8:18 p.m. | 7 views

Step CA affected by an index out of bounds panic in TPM attestation EKU validation

Summary: An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key (AK) certificate with an empty Extended Key Usage (EKU) extension during TPM device attestation. Details: When processing a device-attest-01 ACME challenge using TPM attestation, Step CA...

CVSS 3.7 | AI score 5.9 | EPSS 0.00181
Exploits 0 | References 6 | Affected Software 1
Vulnrichment
added 2026/04/10 4:34 p.m. | 3 views

CVE-2026-40097 Step CA affected by an index out of bounds panic in TPM attestation EKU validation

Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key (AK) certificate with an empty Extended Key Usage (EKU) extension...

CVSS 3.7 | AI score 5.9 | EPSS 0.00181
Exploits 0 | References 4
Positive Technologies
added 2026/04/10 12:0 a.m. | 2 views

PT-2026-31991

Name of the Vulnerable Software and Affected Versions: Step CA versions 0.24.0 through 0.30.0-rc3. Description: An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key (AK) certificate with an empty Extended Key Usage (EKU) extension during TPM device...

CVSS 3.7 | AI score 5.9 | EPSS 0.00181
Exploits 0 | References 11
OSV
added 2024/08/20 8:26 p.m. | 4 views

GO-2023-1583 User data in TPM attestation vulnerable to MITM in github.com/edgelesssys/constellation

User data in TPM attestation vulnerable to MITM in github.com/edgelesssys/constellation...

AI score 7
Exploits 0 | References 2
Microsoft CVE
added 2020/07/29 7:0 a.m. | 2378 views

Microsoft Guidance for Addressing Security Feature Bypass in GRUB

Executive Summary: Microsoft is aware of a vulnerability in the GRand Unified Boot Loader (GRUB), commonly used by Linux. This vulnerability, known as “There’s a Hole in the Boot”, could allow for Secure Boot bypass. To exploit this vulnerability, an attacker would need to have administrative...

CVSS 8.2 | AI score 8 | EPSS 0.01738
Exploits 1