283 matches found
CVE-2020-27208
The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...
istio-pilot: requests to debug api can result in panic
An out-of-bounds read flaw was found in istio-pilot. This flaw allows an attacker to send a crafted HTTP GET request to the pilot debug API endpoint. This action causes pilot to panic, resulting in a denial of service to the istio pilot application. The highest threat from this vulnerability is t...
CVE-2020-25746
QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker with physical access to the device to obtain sensitive information via the debug interface keystrokes over a USB cable, aka wireless password visibility...
CVE-2020-25746
QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker with physical access to the device to obtain sensitive information via the debug interface keystrokes over a USB cable, aka wireless password visibility...
Default credentials
QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker with physical access to the device to obtain sensitive information via the debug interface keystrokes over a USB cable, aka wireless password visibility...
CVE-2020-25746
QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker with physical access to the device to obtain sensitive information via the debug interface keystrokes over a USB cable, aka wireless password visibility...
CVE-2020-25746
CVE-2020-25746 affects QED ResourceXpress Qubi3 devices before version 1.40.9. The issue allows a local attacker with physical access to the device to obtain sensitive information through the debug interface (USB keystrokes), effectively exposing wireless passwords and compromising confidentialit...
CVE-2019-19560
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information...
CVE-2019-19561
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information...
CVE-2019-19563
A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with direct physical access to device hardware to obtain cellular modem information...
CVE-2019-19557
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information...
CVE-2019-19562
An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information...
CVE-2019-19556
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with physical access to device hardware to obtain system information...
CVE-2019-19563
A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with direct physical access to device hardware to obtain cellular modem information...
CVE-2019-19557
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information...
CVE-2019-19562
An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information...
CVE-2019-19561
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information...
CVE-2019-19556
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with physical access to device hardware to obtain system information...
CVE-2019-19560
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information...
Design/Logic Flaw
A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information...