20 matches found
EUVD-2024-27451
Malicious code in bioql PyPI...
CVE-2024-2502
An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected. This is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This impacts Series 2 HSE-SVH...
CVE-2024-2502 Failure to update the tamper reset cause register when a tamper event occurs
An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected. This is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This impacts Series 2 HSE-SVH...
CVE-2024-2502 Failure to update the tamper reset cause register when a tamper event occurs
An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected. This is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This impacts Series 2 HSE-SVH...
CVE-2024-2502
CVE-2024-2502 describes a tamper-handling bug in Silicon Labs Series 2 HSE-SVH devices where the TAMPERRSTCAUSE register may not be updated on a level 4 tamper event, potentially preventing the system from blocking boot attempts after consecutive tamper resets as intended. Affected products inclu...
Silicon Labs Series 2 HSE-SVH security vulnerability
Silicon Labs Series 2 HSE-SVH is a wireless device from Silicon Labs, Inc. A security vulnerability exists in the Silicon Labs Series 2 HSE-SVH because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event occurs. The following products are affected:...
resources.hse.gov.uk Cross Site Scripting vulnerability OBB-3902078
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
resources.hse.gov.uk Cross Site Scripting vulnerability OBB-3886026
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
resources.hse.gov.uk Cross Site Scripting vulnerability OBB-3882769
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Threat spotlight: Conti, the ransomware used in the HSE healthcare attack
On the 14th of May, the Health Service Executive (HSE), Ireland’s publicly funded healthcare system, fell victim to a Conti ransomware attack, forcing the organization to shut down more than 80,000 affected endpoints and plunging them back to the age of pen and paper. This happened a week after...
A week in security (May 17 – May 23)
Last week on Malwarebytes Labs, we looked at a banking trojan full of nasty tricks, explained some tips and pointers for using VirusTotal, and dug into how an authentication vulnerability was patched by Pega Infinity. We also explored how a Royal Mail phish deploys evasion tricks to avoid analysi...
A doctor reveals the human cost of the HSE ransomware attack
"It’s cracking, the whole thing." The words were delivered quickly, but in a thoughtful and measured way. As if the person saying them was used to delivering difficult news. Little surprise, given they belonged to a doctor. But this doctor wasnt describing a medical condition—this was their...
family.hse.ru Cross Site Scripting vulnerability OBB-1489841
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Command injection
Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain...
CVE-2006-1961
Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain...
CVE-2006-1961
Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain...
CVE-2006-1961
CiscoWorks WLSE/WLSE Express <2.13, HSE and URT
CVE-2004-0391
CVE-2004-0391 affects Cisco WLSE (Wireless LAN Solution Engine) versions 2.0–2.5 and HSE (Hosting Solution Engine) 1.7–1.7.3, which contain a hardcoded username and password. The root cause is hardcoded credentials allowing remote attackers to add new users, modify existing users, and change conf...
Cisco Security Advisory: A default Username and Password in WLSE and HSE devices
This is a re-release of the Advisory. In the previous Advisory release, it was incorrectly stated that the fix for this vulnerability is a configuration change. That has now been corrected. We apologize for any inconvenience, Cisco PSIRT - ------- Cis...
A Default Username and Password in WLSE and HSE Devices
...