162 matches found
CVE-2021-42775
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In...
CVE-2021-42773
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated...
Buffer overflow
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks. In non-secure mode, the user i...
CVE-2021-42772
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks. In non-secure mode, the user i...
Enbra Ewm Trust Management Issue Vulnerability
Enbra Ewm is a universal reading device from the Czech company Enbra. It uses radios to read water meters, heating cost indicators and heat meters. Enbra EWM is vulnerable to a trust management issue, which stems from multiple wireless M-Bus devices from Enbra using hard-coded credentials in secu...
Enbra Ewm Data Forgery Issue Vulnerability
Enbra Ewm is a universal reading device from the Czech company Enbra. It uses a radio to read water meters, heating cost indicators and heat meters. Enbra EWM is vulnerable to a data forgery issue in version 1.7.29, which stems from the fact that the software does not check for or detect replay...
Enbra Ewm数据伪造问题漏洞
Enbra Ewm is a universal reading device from the Czech company Enbra. It uses a radio to read water meters, heating cost indicators and heat meters. Enbra EWM is vulnerable to a data forgery issue in version 1.7.29, which stems from the fact that the software does not check for or detect replay...
Enbra Ewm信任管理问题漏洞
Enbra Ewm is a universal reading device from the Czech company Enbra. It uses radios to read water meters, heating cost indicators and heat meters. Enbra EWM is vulnerable to a trust management issue, which stems from multiple wireless M-Bus devices from Enbra using hard-coded credentials in secu...
Update now! Google Chrome fixes two in-the-wild zero-days
Google announced on Monday that it will be issuing patches for 11 high severity vulnerabilities found in Chrome, including two that are currently being exploited in the wild. The patch, which is part of the Stable Channel Update for Chrome 93 93.0.4577.82, will be released for Windows, Mac, and...
Microsoft Edge’s ‘Super Duper Secure Mode’ Does What It Says
Plus: Facebook account hacks, Instagram-ban scammers, and more of the week’s top security news...
Edge’s Super Duper Secure Mode benchmarked: How much speed would you trade for security?
In an attempt to make Edge more secure, the Microsoft Vulnerability Research team has started to experiment with disabling Just-In-Time JIT compilation in the browsers V8 JavaScript engine, to create what its calling Super Duper Secure Mode. The reasoning behind this experiment sounds valid. A...
The vulnerability of the Lilypond scorebook program lies in the absence of restrictions on the execution of Postscript and SVG commands in a secure mode, allowing an attacker to execute arbitrary code.
The vulnerability of the Lilypond scorebook writing program lies in the lack of restrictions on the inclusion of Postscript and SVG commands when operating in a secure mode. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
ceph: secure mode of msgr2 breaks both confidentiality and integrity aspects for long-lived sessions
A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious...
CVE-2020-12787
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling...
Design/Logic Flaw
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling...
CVE-2020-12787
The CVE-2020-12787 entry concerns Microchip Atmel ATSAMA5 products in Secure Mode where an attacker can bypass applet handling security mechanisms. Connected sources corroborate the issue across Red Hat advisory and NVD entries, indicating the vulnerability affects ATSAMA5 SoCs operating in Secur...
CVE-2020-12787
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling...
CVE-2020-4233
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this...
DEBIAN-CVE-2020-1759
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the...
UBUNTU-CVE-2020-1759
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the...