20 matches found
CVE-2026-45329
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...
CVE-2026-45329
ESF-IDF (Espressif IoT Development Framework) contains a vulnerability in ESP-TEE secure-service wrappers (esp_secure_services.c and esp_secure_services_iram.c) affecting versions 5.5.4 and 6.0. Several caller-supplied pointer arguments were not fully validated, allowing inputs to reference TEE-e...
CVE-2026-45329 ESF-IDF: Out-of-Bounds Read in ESP-TEE Secure Service Wrappers
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...
EUVD-2026-35916
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...
CVE-2026-45328
The CVE concerns ESF-IDF’s ESP-IDF esp_tee component. In versions 5.5.4 and 6.0, the secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c bridge calls from the REE to TEE-protected peripherals (AES, SHA, ECC, HMAC, SPI, MMU, WDT) and security features (attestation, OTA,...
CVE-2026-45328 ESF-IDF: Out-of-Bounds Write in ESP-TEE Secure Service Wrappers
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...
Absolute Secure Access security vulnerability
Absolute Secure Access is an application developed by Absolute Corporation. It provides secure service edge SSE services optimized for mixed and mobile work environments. Versions of Absolute Secure Access prior to 14.20 contained a security vulnerability. This vulnerability allowed attackers wit...
Secure API-Driven Research Automation to Accelerate Scientific Discovery
The Secure Scientific Service Mesh S3M provides API-driven infrastructure to accelerate scientific discovery through automated research workflows. By integrating near real-time streaming capabilities, intelligent workflow orchestration, and fine-grained authorization within a service mesh...
Esri ArcGIS Server Access Control Error Vulnerability
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. An Access Control Error vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which stems from improper access control and can be exploited by a remote, low-privilege...
Esri ArcGIS Server 访问控制错误漏洞
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. An Access Control Error vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which stems from improper access control and can be exploited by a remote, low-privilege...
Ivanti Secure Access Client Pulse Secure Service Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Secure Access Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Puls...
Absolute Secure Access Security Vulnerability
Absolute Secure Access is an application from Absolute, Inc. to provide Secure Service Edge SSE optimized for hybrid and mobile working models. A security vulnerability exists in versions prior to Absolute Secure Access 13.06. An attacker exploited the vulnerability resulting in a significant...
Absolute Secure Access Security Vulnerability
Absolute Secure Access is an application from Absolute, Inc. to provide Secure Service Edge SSE optimized for hybrid and mobile working models. A security vulnerability exists in versions prior to Absolute Secure Access 13.06. An attacker exploited the vulnerability resulting in a significant...
Absolute Secure Access Security Vulnerability
Absolute Secure Access is an application from Absolute, Inc. to provide Secure Service Edge SSE optimized for hybrid and mobile working models. A security vulnerability exists in versions prior to Absolute Secure Access 13.06. An attacker exploited the vulnerability resulting in a significant...
CVE-2024-23717
In accesssecureservicefromtempbond of btmsec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
Input validation
In accesssecureservicefromtempbond of btmsec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2024-23717
In accesssecureservicefromtempbond of btmsec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
PT-2024-20033 · Bluetooth · Bluetooth
Name of the Vulnerable Software and Affected Versions: Bluetooth versions affected versions not specified Description: The issue is related to improper input validation in the access secure service from temp bond function of btm sec.cc, which could allow keystroke injection. This might lead to...
Web Security Expands into Secure Service Edge (SSE)
Trend has been securing web access for over a decade with forward-looking innovation and a global footprint to support our customer’s security strategy. We are committed to our customers’ journey of transforming their current security posture, aligning with Zero Trust principles, and embracing a...
CVE-2020-13162
A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows which runs as NT AUTHORITY/SYSTEM allows unprivileged users to run a Microsoft Installer executable with elevated privileges...