17 matches found
EUVD-2025-12775
Malicious code in bioql PyPI...
libtpms: Libtpms Out-of-Bounds Read Vulnerability
A flaw was found in libtpms. A heap buffer overflow can occur in the tpmsparsepssh function when parsing a malformed Public Signature Key Exchange PSK structure. A local attacker can trigger this overflow by providing a crafted PSK structure to the library. This can lead to a denial of service or...
libtpms: Libtpms Out-of-Bounds Read Vulnerability
A flaw was found in libtpms. A heap buffer overflow can occur in the tpmsparsepssh function when parsing a malformed Public Signature Key Exchange PSK structure. A local attacker can trigger this overflow by providing a crafted PSK structure to the library. This can lead to a denial of service or...
Exploit for Integer Overflow or Wraparound in Tesla Model_3_Firmware
Tesla Nasıl Hacklenir? — Etkileşimli Senaryo Uygulaması Bu pr...
TPM 2.0 Reference Code Vulnerability – Discrete TPMs - Lenovo Support US
No description provided...
CVE-2025-2082
Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VCSEC...
CVE-2025-2082
Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VCSEC...
(Pwn2Own) Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VCSEC module. By manipulating the certificate response sent from the Tire Pressure...
AZL-42978 CVE-2024-29040 affecting package tpm2-tss for versions less than 4.0.2-1
This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be deserialized by FapiVerifyQuote to the TPM Structure TPMSATTEST. For the field TPM2GENERATED magic of this structure any number can be used...
PT-2024-4042 · Unknown +5 · Tpm2 Software Stack +5
Name of the Vulnerable Software and Affected Versions: TPM2 Software Stack versions prior to 4.1.0 Description: The issue is related to the TPM2 GENERATED VALUE function in the TCG TPM2 TPM2 Software Stack implementation. It lacks a check to ensure the magic number in the attest matches the TPM2...
Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks
Google on Tuesday said it's piloting a new feature in Chrome called Device Bound Session Credentials DBSC to help protect users against session cookie theft by malware. The prototype – currently tested against "some" Google Account users running Chrome Beta – is built with an aim to make it an op...
CVE-2021-3569
A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS bad memory access and termination of swtpm. The highest threat from this vulnerability is to system availability...
SAS 2019 to Tackle APTs, Supply Chains and More
Kaspersky Lab’s Security Analyst Summit kicks off in Singapore next week, where elite researchers, top cybersecurity firms and global law-enforcement agencies will discuss today’s biggest cybersecurity threats and how best to squash them. This year marks the first time the global security...
AMD Acknowledges Newly Disclosed Flaws In Its Processors — Patches Coming Soon
AMD has finally acknowledged 13 critical vulnerabilities, and exploitable backdoors in its Ryzen and EPYC processors disclosed earlier this month by Israel-based CTS Labs and promised to roll out firmware patches for millions of affected devices 'in the coming weeks.' According to CTS-Labs...
What You Need To Know About The "ROCA" vulnerability
By Daniel Franke, Infosec Researcher Akamai is aware of the recently-disclosed "ROCA" vulnerability in cryptographic firmware used in products made by Infineon Technologies. A bug in the firmware's prime-search algorithm used for RSA key generation results in RSA keys that are relatively cheap an...
Security Flaw in Infineon Smart Cards and TPMs
A security flaw in Infineon smart cards and TPMs allows an attacker to recover private keys from the public keys. Basically, the key generation algorithm sometimes creates public keys that are vulnerable to Coppersmith's attack: While all keys generated with the library are much weaker than they...
Google Joins FIDO Alliance Effort to Move Beyond Passwords
Google, which gradually has been moving its users away from using passwords as their main form of authentication for Web services, has joined a young organization whose goal is to phase out passwords and replace them with various forms of strong authentication. The FIDO Alliance, formed last year...