Konzept-iX PubliXone Information Disclosure Vulnerability (CNVD-2020-60716)

Konzept-iX PubliXone is a media production and document editing software from the German company Konzept-iX. An information disclosure vulnerability exists in Konzept-iX PubliXone version 2019.045, which exposes PubliXone to cross-site scripting, account takeover, lack of access control, hard-cod...

Konzept-iX PubliXone Authorization Issues Vulnerability

Konzept-iX PubliXone is a media production and document editing software from the German company Konzept-iX. PubliXone 2019.045 suffers from a security vulnerability that can cause cross-site scripting, account takeover, lack of access control, hard-coded keys, and file download distress. No...

Exploit for Use of Hard-coded Cryptographic Key in Apache Aurora

Awesome-shiro CVE-2016-4437 Shiro=1.2.4反序列化，爆破模块和key、代码执行、反弹shell的工具 ---- 漏洞原因 因为shiro对cookie里的rememberme字段进行了反序列化，所以如果知道了shiro的编码方式，然后将恶意命令用它的编码方式进行编码并放在http头的cookie里，在shiro对提交的cookie的rememberme字段进行反序列化时，也就执行了插入的命令，最终造成了命令执行 shiro默认使用了CookieRememberMeManager，其处理cookie的流程是：...

NVIDIA DGX servers BMC firmware trust management issue vulnerability

NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. A vulnerability with trust management issues exists in the NVIDIA DGX servers BMC firmware prior to version 3.38.30, which stems from a vulnerability in the AMI BMC firmware that contains a vulnerability usin...

NVIDIA Patches Critical Bug in High-Performance Servers

NVIDIA released a patch for a critical bug in its high-performance line of DGX servers that could open the door for a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies. In all, NVIDIA issued nine patches, each fixin...

NVIDIA Patches Critical Bug in High-Performance Servers

NVIDIA released a patch for a critical bug in its high-performance line of DGX servers that could open the door for a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies. In all, NVIDIA issued nine patches, each fixin...

CVE-2020-11615

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure...

CVE-2020-11615

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure...

CVE-2020-11487

NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. DGX-2 with BMC firmware versions prior to 1.06.06 and all DGX A100 Servers with all BMC firmware versions, contains a vulnerability in the AMI BMC firmware in which the use of a hard-coded RSA 1024 key with weak ciphers may le...

CVE-2020-11483

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information...

CVE-2020-11483

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information...

Hardcoded credentials

NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. DGX-2 with BMC firmware versions prior to 1.06.06 and all DGX A100 Servers with all BMC firmware versions, contains a vulnerability in the AMI BMC firmware in which the use of a hard-coded RSA 1024 key with weak ciphers may le...

Hardcoded credentials

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information...

CVE-2020-11483

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information...

CVE-2020-11483

NVIDIA DGX-1, DGX-2, and DGX A100 DGX systems are affected by CVE-2020-11483 due to hard-coded credentials in the AMI BMC firmware. The root cause is embedded credentials in the BMC firmware, which may permit elevation of privileges or information disclosure over the network. According to NVIDIA’...

Security Bulletin: AMI Baseboard Management Controller (BMC) Firmware Vulnerabilities in NVIDIA DGX-1, DGX-2, and DGX A100 Servers - October 2020

NVIDIA has released a firmware security update for NVIDIA DGX™ servers. This update addresses security issues in the AMI Baseboard Management Controller BMC firmware that may lead to remote code execution, elevation of privileges, or information disclosure. All issues require network access to th...

Micro Focus Operations Bridge Manager diagnostics Use of Hard-coded Credentials Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the product's authentication mechanism. The product contains a...

B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low and high skill level to exploit Vendor: B. Braun Melsungen AG Equipment: SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus Vulnerabilities : Cross-site Scripting, Open Redirect, XPath Injection, Session Fixation,...

CVE-2020-7590

A vulnerability has been identified in DCA Vantage Analyzer All versions V4.5 are affected by CVE-2020-7590. In addition, serial numbers 40000 running software V4.4.0 are also affected by CVE-2020-15797. Affected devices use a hard-coded password to protect the onboard database. This could allow ...

CVE-2020-7590

A vulnerability has been identified in DCA Vantage Analyzer All versions V4.5 are affected by CVE-2020-7590. In addition, serial numbers 40000 running software V4.4.0 are also affected by CVE-2020-15797. Affected devices use a hard-coded password to protect the onboard database. This could allow ...