19 matches found
EUVD-2006-2703
Malware in sbrugna...
EUVD-2006-2704
Malware in sbrugna...
EUVD-2006-2705
Malware in sbrugna...
EUVD-2006-2715
Malware in sbrugna...
EUVD-2006-2706
Malware in sbrugna...
Code injection
Secure Elements Class 5 AVR server aka C5 EVM before 2.8.1 does not validate the peer certificate when obtaining an update, which could allow remote attackers to distribute malicious updates to clients...
CVE-2006-2704
Secure Elements Class 5 AVR server and client aka C5 EVM before 2.8.1 send messages in cleartext, which allows remote attackers to read sensitive vulnerability information...
Hardcoded credentials
Secure Elements Class 5 AVR server aka C5 EVM before 2.8.1 uses a hard-coded user ID and password, which allows remote attackers to gain access to the server...
Design/Logic Flaw
Secure Elements Class 5 AVR server aka C5 EVM before 2.8.1 allows remote attackers to cause a denial of service via forged "session start" messages that cause AVR to connect to arbitrary hosts...
CVE-2006-2705
Secure Elements Class 5 AVR server aka C5 EVM before 2.8.1 allows remote attackers to cause an unspecified denial of service via a large number of forged client registration messages...
CVE-2006-2706
CVE-2006-2706 affects the Secure Elements Class 5 AVR server (aka C5 EVM) prior to version 2.8.1. The issue allows remote attackers to trigger a denial of service by sending forged "session start" messages that cause the AVR server to connect to arbitrary hosts. The vulnerability description in t...
CVE-2006-2707
The CVE-2006-2707 entry affects the Secure Elements Class 5 AVR server (aka C5 EVM) prior to version 2.8.1. The root cause is that the server does not validate the peer certificate when obtaining updates, which could allow remote attackers to distribute malicious updates to clients. The available...
CVE-2006-2705
Secure Elements Class 5 AVR server aka C5 EVM before 2.8.1 allows remote attackers to cause an unspecified denial of service via a large number of forged client registration messages...
CVE-2006-2704
CVE-2006-2704 affects Secure Elements Class 5 AVR server and client (C5 EVM) prior to version 2.8.1. The issue is that messages are sent in cleartext, allowing remote attackers to read sensitive vulnerability information. The connected documents do not provide exploit details, affected product va...
CVE-2006-2706
Secure Elements Class 5 AVR server aka C5 EVM before 2.8.1 allows remote attackers to cause a denial of service via forged "session start" messages that cause AVR to connect to arbitrary hosts...
CVE-2006-2716
Secure Elements Class 5 AVR server aka C5 EVM before 2.8.1 uses a hard-coded user ID and password, which allows remote attackers to gain access to the server...
CVE-2006-2705
CVE-2006-2705 affects Secure Elements Class 5 AVR server (aka C5 EVM) prior to version 2.8.1. The vulnerability allows remote attackers to cause an unspecified denial of service through a flood of forged client registration messages. Connected documents do not add concrete technical details (affe...
Secure Elements Class 5 AVR server fails to properly authenticate registration messages
Overview The Secure Elements Class 5 AVR server fails to properly authenticate registration messages. This may allow an attacker to cause a denial-of-service condition on the server. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that...
Secure Elements Class 5 AVR server fails to properly authenticate session start messages
Overview The Secure Elements Class 5 AVR server fails to properly authenticate "session start" messages. This may allow an attacker to cause the server to initiate TCP connections to arbitrary destinations, which can cause a denial of service to both the server and the specified target. Descripti...