CVE-2018-6323

CVE-2018-6323 : In GNU Binutils’ libbfd, the elf_object_p function in elfcode.h contains an unsigned integer overflow due to missing use of bfd_size_type in multiplication. A crafted ELF file can remotely crash the application (DoS) or have unspecified other impact. This CVE is referenced in IBM ...

The vulnerability of the NX-OS operating system of the Cisco Unified Computing System Central device management system is related to incorrect verification of the cryptographic signature of data. This allows a perpetrator to bypass the signature verification during the loading of updates.

The vulnerability of the NX-OS operating system of the Cisco Unified Computing System Central device management system is related to incorrect verification of the cryptographic signature of data. Exploiting this vulnerability could allow an attacker to bypass the signature verification and downlo...

Microsoft Windows Device Guard Security Bypass Vulnerability (CNVD-2018-00778)

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Device Guard is one of the device protection components. A security bypass vulnerability exists in Device Guard for Microsoft Windows, which arises from the program failing to properly validate an...

Microsoft Windows Multiple Vulnerabilities (KB4054517)

This host is missing a critical security update according to Microsoft KB4054517 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Device Guard Security Feature Bypass Vulnerability

A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non-malicious, Device Guard...

Multiple vulnerabilities in the Intel Trusted Execution Engine (TXE) subsystem of the Platform Controller Hub family of microprogramming devices, which allow unauthorized code to be executed

The multiple vulnerabilities of the Intel Trusted Execution Engine TXE subsystem in microprogramming software of the Platform Controller Hub PCH family, which serve as south bridges, are caused by buffer overflows. Exploitation of these vulnerabilities could allow an attacker to execute unsigned...

Multiple Cisco Products Cisco NX-OS System Software Security Bypass Vulnerabilities

Cisco Multilayer Director Switches are products of Cisco Corporation.Cisco Multilayer Director Switches is a switch product.Unified Computing System Manager is a set of embedded device management software.Cisco NX-OS System Software is a set of software that runs in the switch. Cisco NX-OS System...

CVE-2017-12333

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-OS signature verification for software images. An authenticated, local attacker could exploit thi...

Cisco NX-OS System Software Image Signature Bypass Vulnerability

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-OS signature verification for software images. An authenticated, local attacker could exploit thi...

Belden Hirschmann Tofino Xenon Security Appliance Firmware Signature Vulnerability

The Tofino Xenon security appliance is the ideal solution for segmenting control networks into secure zones. An incomplete firmware signature vulnerability exists in the Tofino Xenon security appliance versions prior to 03.2.00. The vulnerability arises because the applianceconfig file is signed...

Design/Logic Flaw

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment kernel, file system with unsigned, attacker-controlled, data. This occurs because the applianceconfig file is...

CVE-2017-11400

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment kernel, file system with unsigned, attacker-controlled, data. This occurs because the applianceconfig file is...

CVE-2017-11400

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment kernel, file system with unsigned, attacker-controlled, data. This occurs because the applianceconfig file is...

CVE-2017-11400

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment kernel, file system with unsigned, attacker-controlled, data. This occurs because the applianceconfig file is...

CVE-2017-11400

Affected product: Belden Hirschmann Tofino Xenon Security Appliance (before 03.2.00). Issue and root cause: Incomplete firmware signature verification due to appliance_config being signed while the .tar.sec is unsigned, enabling a local attacker to upgrade the kernel and filesystem with unsigned,...

Microsoft Windows Device Guard Security Bypass Vulnerability (CNVD-2017-37111)

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Device Guard is one of the device protection components. A security feature bypass vulnerability exists in Device Guard in Microsoft Windows. A remote attacker could exploit this vulnerability to...

CVE-2017-11830

Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability"...

CVE-2017-11830

Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability"...

CVE-2017-2898

An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of...

CVE-2017-2898

An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of...