300 matches found
CVE-2019-13179
Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption...
CVE-2019-13179
CVE-2019-13179 affects Calamares versions 3.1 to 3.2.10. The root cause is that Calamares copies the LUKS keyfile at /crypto_keyfile.bin (mode 0600, root-owned) into /boot inside a globally readable initramfs image, making the key accessible to any user and exposing decryption keys for LUKS conta...
Hardcoded credentials
A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The...
CVE-2019-1589
A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The...
CVE-2019-1589
CVE-2019-1589 affects Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, via the TPM functionality. The issue arises from inadequate protection of disk encryption keys used within device hard-drive partitions, enabling an unauthenticated, local attacker with...
CVE-2019-1589 Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured Boot Vulnerability
A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The...
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured Boot Vulnerability
A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The...
CVE-2018-20341
WINMAGIC SecureDoc Disk Encryption software before 8.3 has an Unquoted Service Path vulnerability, which could allow an attacker to execute arbitrary code on a target system. If the executable is enclosed in quote tags "" then the system will know where to find it. However if the path of where th...
Design/Logic Flaw
WINMAGIC SecureDoc Disk Encryption software before 8.3 has an Unquoted Service Path vulnerability, which could allow an attacker to execute arbitrary code on a target system. If the executable is enclosed in quote tags "" then the system will know where to find it. However if the path of where th...
CVE-2018-20341
CVE-2018-20341 affects WINMAGIC SecureDoc Disk Encryption software prior to version 8.3. It describes an Unquoted Service Path vulnerability where Windows may search unquoted directories in the service path, potentially executing an attacker-controlled binary with SYSTEM-level context. The impact...
Announcing new capabilities for the Microsoft Azure Security Center
Microsoft Azure Security Center—the central hub for monitoring and protecting against related incidents within Azure—has released new capabilities. The following features—announced at Hannover Messe 2019—are now generally available for the Azure Security Center: Advanced Threat Protection for Azu...
CVE-2019-6481
Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app." approach,...
Design/Logic Flaw
Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app." approach,...