54 matches found
CVE-2022-3738
CVE-2022-3738 concerns WAGO products (Missing authentication for config export). A remote unauthenticated attacker can download a backup file that may contain credentials and cryptographic material, provided a backup exists (created after last reboot). The connected sources identify the vulnerabi...
CVE-2022-3738 WAGO: Missing authentication for config export functionality in multiple products
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull...
CVE-2020-25156
Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root...
CVE-2020-25156
Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root...
Code injection
Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root...
CVE-2020-25156 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root...
CVE-2020-25156
CVE-2020-25156 concerns active debug code in B. Braun SpaceCom (versions L8/U61 and earlier) and Data module compactplus (A10/A11 and earlier) enabling possession of cryptographic material to gain root access. Connected sources confirm affected products and versions, with remediation updates rele...
SUSE Rancher K3s 安全漏洞
SUSE Rancher K3s is a CNCF sandboxing project from SUSE Germany that provides a lightweight but powerful certified Kubernetes distribution. A security vulnerability exists in SUSE Rancher K3s that allows any user with direct access to a datastore, or a copy of a datastore backup, to extract the...
FreeBSD : xen-kernel -- CR0.TS and CR0.EM not always honored for x86 HVM guests (4d7cf654-ba4d-11e6-ae1b-002590263bf5)
The Xen Project reports : Instructions touching FPU, MMX, or XMM registers are required to raise a Device Not Available Exception NM when either CR0.EM or CR0.TS are set. Their AVX or AVX-512 extensions would consider only CR0.TS. While during normal operation this is ensured by the hardware, if ...
CR0.TS and CR0.EM not always honored for x86 HVM guests
ISSUE DESCRIPTION Instructions touching FPU, MMX, or XMM registers are required to raise a Device Not Available Exception NM when either CR0.EM or CR0.TS are set. Their AVX or AVX-512 extensions would consider only CR0.TS. While during normal operation this is ensured by the hardware, if a guest...
Back-End Software May Be Real Worry in RSA Attack
The attack on RSA that the company revealed last week raises a multitude of questions about the security of the company’s network and its own internal procedures. But the most important issues the RSA attack brings to the surface concern exactly what the attackers may have been after and what the...
DSA-1571-1 openssl - predictable random number generator
Bulletin has no description...
CORE-2007-1212: SILC pkcs_decode buffer overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ SILC pkcsdecode buffer overflow Advisory Information Title: SILC pkcsdecode buffer overflow Advisory ID: CORE-2007-1212 Advisory URL:...
silc -- pkcs_decode buffer overflow
Core Security Technologies reports: A remote buffer overflow vulnerability found in a library used by both the SILC server and client to process packets containing cryptographic material may allow an un-authenticated client to executearbitrary code on the server with the privileges of the user...