The vulnerability of the Windows Boot Manager’s download controller allows a hacker to bypass the device encryption function of BitLocker and gain access to encrypted data.

The vulnerability of the Windows Boot Manager download controller for Microsoft Windows operating systems relates to the bypassing of security functions. Exploiting this vulnerability can allow an attacker to circumvent the BitLocker device encryption function and gain access to encrypted data...

CVE-2022-0553

There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily...

Code injection

There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily...

AMD Secure Encrypted Virtualization 缓冲区错误漏洞

AMD Secure Encrypted Virtualization is a software application from UltraMicroelectronics AMD. Hardware-accelerated memory encryption to protect data in use. AMD Secure Encrypted Virtualization SEV suffers from a buffer error vulnerability that stems from insufficient validation of input. An...

AMD Secure Processor 安全漏洞

AMD Secure Encrypted Virtualization is a product of AMD Semiconductor, Inc. AMD Secure Encrypted Virtualization is a software application.AMD System Management Unit SMU is a system management unit. AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip. A security vulnerability exists in AM...

AMD Secure Encrypted Virtualization (SEV) 安全漏洞

AMD Secure Encrypted Virtualization is a software application from UltraMicroelectronics AMD. Hardware-accelerated memory encryption to protect data in use. A security vulnerability exists in AMD Secure Encrypted Virtualization SEV. An attacker exploited the vulnerability to disclose sensitive...

AMD Secure Encrypted Virtualization 安全漏洞

AMD Secure Encrypted Virtualization is a software application from UltraMicroelectronics AMD. Hardware-accelerated memory encryption to protect data in use. AMD Secure Encrypted Virtualization suffers from a security vulnerability that stems from insufficient boundary checking. An attacker exploi...

zephyr 安全漏洞

Zephyr is an extensible real-time operating system RTOS open-sourced by the Zephyr Project. A security vulnerability exists in zephyr that stems from its failure to check if slot 0 is uploaded from the device to the host resulting in unencrypted firmware that can be easily retrieved when an...

CVE-2022-0553

CVE-2022-0553 concerns Zephyr RTOS: a missing check on whether slot 0 is uploaded from the device to the host allows retrieval of unencrypted firmware when encrypted images are used. The root cause is the upload check omission, enabling potential exposure of firmware. Impact is stated as high con...

AMD Secure Processor 安全特征问题漏洞

AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from UltraMicroelectronics AMD. A security vulnerability exists in AMD Secure Processor ASP, AMD System Management Unit SMU, and AMD Secure Encrypted Virtualization SEV. An attacker could exploit this vulnerability to cause an informati...

AMD Secure Processor 安全漏洞

AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from UltraMicroelectronics AMD. A security vulnerability exists in AMD Secure Processor ASP, AMD System Management Unit SMU, and AMD Secure Encrypted Virtualization SEV, which stems from insufficient authentication of commands, which...

PT-2023-1405 · Amd · Amd Secure Encrypted Virtualization (Sev) Firmware

Name of the Vulnerable Software and Affected Versions: AMD Secure Encrypted Virtualization SEV firmware affected versions not specified Description: The issue is related to insufficient input validation in the SEV firmware, which may allow an attacker to perform out-of-bounds memory reads within...

PT-2023-1485 · Amd · Amd Secure Encrypted Virtualization (Sev) Firmware

Name of the Vulnerable Software and Affected Versions: AMD Secure Encrypted Virtualization SEV firmware affected versions not specified Description: The issue is related to improper input validation and bounds checking in the SEV firmware, which may cause a buffer overflow in memory. This could...

PT-2023-1488 · Amd · Amd System Management Unit +2

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor ASP affected versions not specified AMD System Management Unit SMU affected versions not specified AMD Secure Encrypted Virtualization SEV affected versions not specified Description: The issue is related to errors in...

PT-2023-7463 · Zyxel · Zyxel Usg Flex 50 +7

Name of the Vulnerable Software and Affected Versions: Zyxel ATP series versions 4.32 through 5.35 Zyxel USG FLEX series versions 4.50 through 5.35 Zyxel USG FLEX 50W versions 4.16 through 5.35 Zyxel USG20W-VPN versions 4.16 through 5.35 Zyxel VPN series versions 4.30 through 5.35 Zyxel NWA110AX...

The vulnerability of the Client component in TP-Link Archer AX10 microprogramming software allows a attacker to execute a brute-force attack and gain unauthorized access to protected information.

The vulnerability of the Client component in TP-Link Archer AX10 microprogramming software lies in the use of rigidly encrypted login credentials. Exploiting this vulnerability allows a remote attacker to execute a brute-force attack and gain unauthorized access to protected information...

PT-2023-1404 · Amd · Amd Secure Encrypted Virtualization-Encrypted State

Name of the Vulnerable Software and Affected Versions: AMD Secure Encrypted Virtualization-Encrypted State SEV-ES affected versions not specified Description: The issue is related to insufficient bounds checking in the implementation of AMD Secure Encrypted Virtualization-Encrypted State SEV-ES...

The vulnerability of the implementation of TLS and SSL software from Mbed TLS allows a attacker to rewrite data in the memory buffer and restore the encrypted RSA key.

The vulnerability of the implementation of TLS and SSL software from Mbed TLS relates to the possibility of writing data beyond the buffer boundaries. Exploiting this vulnerability allows a malicious actor to rewrite data into the memory buffer and restore the encrypted RSA key...

PT-2023-1484 · Amd · Amd Secure Encrypted Virtualization

Name of the Vulnerable Software and Affected Versions: AMD Secure Encrypted Virtualization SEV affected versions not specified Description: The issue is related to insufficient input validation in the implementation of AMD Secure Encrypted Virtualization SEV microcode in AMD processors. This coul...

GHSA-89QM-WCMW-3MGG Gitops Run insecure communication

Impact GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local s3 bucket is not encrypted. This allows privileged users or process to tap the local traffic to gain information...