7 matches found
SUSE CVE-2026-40097
Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension...
EUVD-2026-21506
Step CA affected by an index out of bounds panic in TPM attestation EKU validation...
Step CA affected by an index out of bounds panic in TPM attestation EKU validation
Summary An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension during TPM device attestation. Details When processing a device-attest-01 ACME challenge using TPM attestation, Step CA...
CVE-2026-40097 Step CA affected by an index out of bounds panic in TPM attestation EKU validation
Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension...
PT-2026-31991
Name of the Vulnerable Software and Affected Versions Step CA versions 0.24.0 through 0.30.0-rc3 Description An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension during TPM device...
GO-2023-1583 User data in TPM attestation vulnerable to MITM in github.com/edgelesssys/constellation
User data in TPM attestation vulnerable to MITM in github.com/edgelesssys/constellation...
Microsoft Guidance for Addressing Security Feature Bypass in GRUB
Executive Summary Microsoft is aware of a vulnerability in the GRand Unified Boot Loader GRUB, commonly used by Linux. This vulnerability, known as “There’s a Hole in the Boot”, could allow for Secure Boot bypass. To exploit this vulnerability, an attacker would need to have administrative...