518 matches found
CVE-2026-40097
Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension...
CVE-2026-40097
CVE-2026-40097 affects Step CA (online CA for secure, automated certificate management). From version 0.24.0 up to before 0.30.0-rc3, an attacker can trigger an index-out-of-bounds panic during TPM device attestation by sending a crafted attestation key certificate with an empty EKU extension. Sp...
CVE-2026-40097 Step CA affected by an index out of bounds panic in TPM attestation EKU validation
Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension...
CVE-2026-40097
Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension...
Towards Remote Attestation of Microarchitectural Attacks: The Case of Rowhammer
Microarchitectural vulnerabilities increasingly undermine the assumption that hardware can be treated as a reliable root of trust. Prevention mechanisms often lag behind evolving attack techniques, leaving deployed systems unable to assume continued trustworthiness. We propose a shift from...
CVE-2026-32606
IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the...
CVE-2026-32606
IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the...
CVE-2026-32606 IncusOS has a LUKS encryption bypass due to insufficient TPM policy
IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to insufficient policy enforcement in the Trusted Platform Module TPM during the disk decryption process. An attacker can gain unauthorized access to encrypted data by physically replacing the ro...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to insufficient policy enforcement in the Trusted Platform Module TPM during the disk decryption process. An attacker can gain unauthorized access to encrypted data by physically replacing the ro...
IncusOS has a LUKS encryption bypass due to insufficient TPM policy
The default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the system's owner or any tampering of Secure Boot state or kernel UKI boot image. That's...
PT-2026-25845
Name of the Vulnerable Software and Affected Versions IncusOS versions prior to 202603142010 Description The default configuration of systemd-cryptenroll, as used by IncusOS through mkosi, allows an attacker with physical access to the machine to access encrypted data without requiring interactio...
[SECURITY] Fedora 44 Update: keylime-7.14.1-1.fc44
Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution...
[SECURITY] Fedora 43 Update: keylime-7.14.1-1.fc43
Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution...
GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution
A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the tpm2daemon component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module TPM. A local attacker could exploit this to execute unauthorized code, potentially gainin...
OESA-2026-1336 gnupg2 security update
GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: In GnuP...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gpg2 (SUSE-SU-2026:0434-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0434-1 advisory. Security fixes: - CVE-2026-24882: Fixed stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA...
SUSE-SU-2026:0434-1 Security update for gpg2
This update for gpg2 fixes the following issues: Security fixes: - CVE-2026-24882: Fixed stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys bsc1257396 - Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data 'Filename' Field bsc1256389...
keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...
keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...