21 matches found
EUVD-2016-2657
Malware in sbrugna...
EUVD-2014-5890
Malware in sbrugna...
OESA-2024-2549 linux-firmware security update
This package contains firmware images required by some devices. Security Fixes: IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in...
kernel: hw:amd:IOMMU improperly handles certain special address leading to a loss of guest integrity
A flaw was found in the way AMD IOMMU handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity...
UBUNTU-CVE-2023-20584
IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity...
CVE-2023-20584
IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity...
Lateral Movement – Visual Studio DTE
A lot of organizations have some sort of application development program and it is highly likely that developers will utilize Visual Studio for their development…
newlook.dteenergy.com Cross Site Scripting vulnerability OBB-3505052
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
DTE Energy Insight application for Android information disclosure vulnerability
The DTE Energy Insight application for Android is DTE Energy's suite of Android-based applications that enable DTE Energy customers to track their energy usage. A security vulnerability exists in the REST API of the DTE Energy Insight application for Android prior to version 1.7.8. The...
CVE-2016-1562
The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter...
Design/Logic Flaw
The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter...
CVE-2016-1562
The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter...
CVE-2016-1562
The CVE-2016-1562 issue affects the DTE Energy Insight Android app’s REST API prior to version 1.7.8. An authenticated remote user could obtain limited customer data by manipulating a SQL expression in the filter parameter. The root cause is exposure via the filter parameter in the REST API, lead...
DTE Energy Insight app vulnerable to information exposure
Overview: The DTE Energy Insight app API allows an authenticated user to obtain and query certain limited customer information from other customers. Description: CWE-200: Information Exposure - CVE-2016-1562. The DTE Energy Insight app lets DTE Energy customers track their energy usage. This informati...
CVE-2014-6002
The DTE Energy aka com.dteenergy.mydte application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The DTE Energy aka com.dteenergy.mydte application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-6002
The CVE-2014-6002 entry concerns the DTE Energy (com.dteenergy.mydte) Android app, version 3.0.3, which does not verify X.509 certificates when connecting to SSL servers. This weakness allows an attacker performing a man-in-the-middle attack to spoof servers and access sensitive information via a...
CVE-2014-6002
The DTE Energy aka com.dteenergy.mydte application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2012-2455
Advanced Productivity Software DTE Axiom before 12.3.3 does not validate the registration ID, which allows remote attackers to bypass authentication and read or modify data about users, customers, and projects via unspecified vectors...
CVE-2012-2455
The CVE concerns Advanced Productivity Software DTE Axiom before 12.3.3, where registration ID validation is missing, allowing remote attackers to bypass authentication and read or modify data about users, customers, and projects via unspecified vectors. Root cause is lack of registration ID vali...