Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-12775

Malicious code in bioql PyPI...

7.5CVSS7.8AI score0.00331EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2025/09/23 8:27 a.m.5 views

libtpms: Libtpms Out-of-Bounds Read Vulnerability

A flaw was found in libtpms. A heap buffer overflow can occur in the tpmsparsepssh function when parsing a malformed Public Signature Key Exchange PSK structure. A local attacker can trigger this overflow by providing a crafted PSK structure to the library. This can lead to a denial of service or...

5.9CVSS6.2AI score0.00135EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/07/30 4:9 a.m.8 views

libtpms: Libtpms Out-of-Bounds Read Vulnerability

A flaw was found in libtpms. A heap buffer overflow can occur in the tpmsparsepssh function when parsing a malformed Public Signature Key Exchange PSK structure. A local attacker can trigger this overflow by providing a crafted PSK structure to the library. This can lead to a denial of service or...

5.9CVSS6.2AI score0.00135EPSS
Exploits0References8
GithubExploit
GithubExploit
added 2025/06/13 12:32 a.m.262 views

Exploit for Integer Overflow or Wraparound in Tesla Model_3_Firmware

Tesla Nasıl Hacklenir? — Etkileşimli Senaryo Uygulaması Bu pr...

7.5CVSS7.8AI score0.00331EPSS
Exploits2
Lenovo
Lenovo
added 2025/06/10 2:53 p.m.8 views

TPM 2.0 Reference Code Vulnerability – Discrete TPMs - Lenovo Support US

No description provided...

6.6CVSS6.4AI score0.00199EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/02 8:13 p.m.20 views

CVE-2025-2082

Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VCSEC...

7.5CVSS8.2AI score0.00331EPSS
Exploits2References3
OSV
OSV
added 2025/04/30 8:15 p.m.3 views

CVE-2025-2082

Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VCSEC...

7.5CVSS6.2AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/04/30 12:0 a.m.20 views

(Pwn2Own) Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VCSEC module. By manipulating the certificate response sent from the Tire Pressure...

7.5CVSS7.6AI score0.00331EPSS
Exploits2
OSV
OSV
added 2024/06/28 9:15 p.m.8 views

AZL-42978 CVE-2024-29040 affecting package tpm2-tss for versions less than 4.0.2-1

This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be deserialized by FapiVerifyQuote to the TPM Structure TPMSATTEST. For the field TPM2GENERATED magic of this structure any number can be used...

4.3CVSS6.8AI score0.00346EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/30 12:0 a.m.3 views

PT-2024-4042 · Unknown +5 · Tpm2 Software Stack +5

Name of the Vulnerable Software and Affected Versions: TPM2 Software Stack versions prior to 4.1.0 Description: The issue is related to the TPM2 GENERATED VALUE function in the TCG TPM2 TPM2 Software Stack implementation. It lacks a check to ensure the magic number in the attest matches the TPM2...

6.4CVSS7.9AI score0.00519EPSS
Exploits1References41
The Hacker News
The Hacker News
added 2024/04/03 1:7 p.m.26 views

Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks

Google on Tuesday said it's piloting a new feature in Chrome called Device Bound Session Credentials DBSC to help protect users against session cookie theft by malware. The prototype – currently tested against "some" Google Account users running Chrome Beta – is built with an aim to make it an op...

7.2AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2021/06/03 12:15 p.m.3 views

CVE-2021-3569

A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS bad memory access and termination of swtpm. The highest threat from this vulnerability is to system availability...

5.5CVSS5.5AI score0.00259EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2019/04/04 11:0 a.m.71 views

SAS 2019 to Tackle APTs, Supply Chains and More

Kaspersky Lab’s Security Analyst Summit kicks off in Singapore next week, where elite researchers, top cybersecurity firms and global law-enforcement agencies will discuss today’s biggest cybersecurity threats and how best to squash them. This year marks the first time the global security...

0.1AI score
Exploits0References3
The Hacker News
The Hacker News
added 2018/03/21 8:12 a.m.43 views

AMD Acknowledges Newly Disclosed Flaws In Its Processors — Patches Coming Soon

AMD has finally acknowledged 13 critical vulnerabilities, and exploitable backdoors in its Ryzen and EPYC processors disclosed earlier this month by Israel-based CTS Labs and promised to roll out firmware patches for millions of affected devices 'in the coming weeks.' According to CTS-Labs...

6.8AI score
Exploits0
Akamai Blog
Akamai Blog
added 2017/10/25 10:55 a.m.43 views

What You Need To Know About The "ROCA" vulnerability

By Daniel Franke, Infosec Researcher Akamai is aware of the recently-disclosed "ROCA" vulnerability in cryptographic firmware used in products made by Infineon Technologies. A bug in the firmware's prime-search algorithm used for RSA key generation results in RSA keys that are relatively cheap an...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/17 2:24 p.m.34 views

Security Flaw in Infineon Smart Cards and TPMs

A security flaw in Infineon smart cards and TPMs allows an attacker to recover private keys from the public keys. Basically, the key generation algorithm sometimes creates public keys that are vulnerable to Coppersmith's attack: While all keys generated with the library are much weaker than they...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2013/04/26 10:39 a.m.11 views

Google Joins FIDO Alliance Effort to Move Beyond Passwords

Google, which gradually has been moving its users away from using passwords as their main form of authentication for Web services, has joined a young organization whose goal is to phase out passwords and replace them with various forms of strong authentication. The FIDO Alliance, formed last year...

0.9AI score
Exploits0References1
Rows per page
Query Builder