271 matches found
Design/Logic Flaw
The initialization vector IV used by the secure engine SE for encrypting data stored in the SE flash memory is uninitialized...
CVE-2023-2747
The CVE-2023-2747 issue concerns an uninitialized initialization vector (IV) used by the Secure Engine (SE) to encrypt data stored in SE flash memory, impacting Silicon Labs Gecko SDK/SE firmware. Concrete details from connected documents indicate the affected firmware range is Gecko SE firmware ...
CVE-2023-2747 Uninitialized IV in Silicon Labs SE FW v2.0.0 through v 2.2.1 for internally stored data
The initialization vector IV used by the secure engine SE for encrypting data stored in the SE flash memory is uninitialized...
PT-2023-21148 · Silabs.Com +1 · Gsdk +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The initialization vector IV used by the secure engine SE for encrypting data stored in the SE flash memory is uninitialized. This issue affects the encryption process, potentially...
BMC AMI 访问控制错误漏洞
BMC AMI BMC Automated Mainframe Intelligence is an automated mainframe intelligence solution from BMC USA. A security vulnerability exists in BMC AMI that stems from allowing an unauthenticated host to write to the mainframe SPI flash memory, bypassing secure boot protection and potentially leadi...
CVE-2023-30024
The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer...
CVE-2023-30024
CVE-2023-30024 concerns the MagicJack A921 USB Phone Jack. The vulnerability stems from a hidden NAND flash memory partition that allows unauthorized read/write access, enabling an attacker to replace the firmware with a malicious version and trigger ransomware deployment on the host computer. Af...
MagicJack A921 USB Phone Jack 安全漏洞
MagicJack A921 USB Phone Jack is a USB jack for free local and long distance calls from MagicJack USA. A security vulnerability exists in MagicJack A921 USB Phone Jack version v.1.4, which stems from the presence of an insecure privilege vulnerability. An attacker could exploit the vulnerability ...
Design/Logic Flaw
A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This...
CVE-2023-20082 Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches Secure Boot Bypass Vulnerability
A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This...
CVE-2023-20082 Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches Secure Boot Bypass Vulnerability
A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This...
Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches Secure Boot Bypass Vulnerability
A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This...
PT-2023-2222 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches versions prior to 16.11.1 Description: A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker...
CVE-2022-45552
An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory...
CVE-2022-45552
An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory...
Design/Logic Flaw
An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory...
CVE-2022-45552
An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory...
CVE-2022-45552
CVE-2022-45552 concerns an Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v21.06.18. The issue arises from exposure of the NAND flash memory via the SPI bus interface, coupled with insecure permissions, allowing an attacker to read sensitive information from...
SUSE CVE-2021-26347
Failure to validate the integer operand in ASP AMD Secure Processor bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service...
NVIDIA DGX 访问控制错误漏洞
NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. A security vulnerability exists in NVIDIA DGX A100. An attacker exploiting this vulnerability could read, write, and erase flash memory, resulting in code execution, privilege escalation, denial of service, a...