271 matches found
NVIDIA DGX 访问控制错误漏洞
NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. A security vulnerability exists in NVIDIA DGX Station. An attacker exploiting this vulnerability could read, write, and erase flash memory, resulting in code execution, privilege escalation, denial of service...
CVE-2022-24120
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0...
CVE-2022-24120
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0...
CVE-2022-24120
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0...
CVE-2022-24120
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0...
CVE-2022-24120
CVE-2022-24120 affects General Electric Renewable Energy iNET and iNET II radios (prior to firmware 8.3.0). The root cause is plaintext (cleartext) storage of credentials in the device flash memory, exposing sensitive data on affected systems. Impact is confidentiality risk (C:H) with vector like...
CVE-2022-46142
Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords...
CVE-2022-46142
Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords...
CVE-2022-46142
CVE-2022-46142 affects Siemens RUGGEDCOM and SCALANCE devices. CLI passwords are stored in flash memory in an encrypted/recoverable form, so attackers with physical access could retrieve and decrypt them. Root cause: storing CLI passwords in flash; impact: confidentiality high; exploitation requi...
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 3
Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. In our previous posts, we covered how to achieve access to flash memory and how to extract file system data from the device. In this post, we'll cover how to modify the data we've extracted. Modify extracted file...
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 2
Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. Last week, we covered the basics of the exercise and achieving access to flash memory. In this post, we'll cover how to extract partition data. Extracting partition data The next step in our hands-on IoT hacking...
CVE-2022-38161
The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA...
Unrestricted file upload
The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA...
CVE-2022-38161
The CVE-2022-38161 entry concerns the Gumstix Overo SBC on the VSKS board (used in Orlan-10 and others) with risk through 2022-08-09. Concrete detail: an unrestricted remapping of the NOR flash memory that contains the FPGA bitstream is possible, enabling potential integrity/availability risks to...
CVE-2022-38161
The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA...
PT-2022-24248 · Gumstix · Gumstix Overo Sbc
Name of the Vulnerable Software and Affected Versions: Gumstix Overo SBC on the VSKS board through 2022-08-09 Description: The issue allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA, as used on the Orlan-10 and other platforms. Recommendations: For Gumst...
Oracle ZFS Storage Appliance Input Validation Error Vulnerability
Oracle ZFS Storage Appliance is a storage appliance that supports flash memory, petabyte file storage and built-in Oracle database from Oracle USA. A security vulnerability exists in Oracle ZFS Storage Appliance Kit version 8.8, which stems from a vulnerability that allows an elevated-privilege...
CVE-2017-20025
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version...
CVE-2017-20025
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version...
CVE-2017-20025 Solare Solar-Log Flash Memory privileges management
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version...