CVE-2024-22473

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault VSE devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0...

New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries

Cybersecurity researchers have discovered a new botnet malware family called Gorilla aka GorillaBot that draws its inspiration from the leaked Mirai botnet source code. Cybersecurity firm NSFOCUS, which identified the activity last month, said the botnet "issued over 300,000 attack commands, with...

vse-osekse.usite.pro Cross Site Scripting vulnerability OBB-3863859

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2024-22473

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault VSE devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0...

Design/Logic Flaw

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault VSE devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0...

CVE-2024-22473

Gecko SDK vulnerability CVE-2024-22473 involves TRNG used before initialization by the ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. Affected software: Gecko SDK versions through 4.4.0 (and earlier per multiple sources). Impact: potential signature spoofing via ...

CVE-2024-22473 Uninitialized TRNG used for ECDSA after EM2/EM3 sleep for VSE devices

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault VSE devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0...

PT-2024-19442 · Gecko Sdk · Gecko Sdk

Name of the Vulnerable Software and Affected Versions: Gecko SDK versions through 4.4.0 Description: The issue arises from the use of a True Random Number Generator TRNG before its initialization by the ECDSA signing driver when exiting low-power modes EM2/EM3 on Virtual Secure Vault VSE devices...

vse-avtoservisy.ru Cross Site Scripting vulnerability OBB-2857964

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

vse-doski.com Cross Site Scripting vulnerability OBB-2847368

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2020-7337

Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise VSE prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of...

CVE-2020-7337 Incorrect Permission Assignment for Critical Resource

Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise VSE prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of...

CVE-2020-7337

CVE-2020-7337 affects McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16, where an incorrect permission assignment for a critical resource enables local administrators to bypass local security protections by manipulating Code Integrity checks tied to Windows Defender Application Control. The...

vse-o-zhizni.ru Cross Site Scripting vulnerability OBB-1471166

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

McAfee VirusScan Enterprise < 8.8 Patch 15 Multiple Vulnerabilities (SB10302)

The version of McAfee VirusScan Enterprise VSE installed on the remote Windows host is prior to 8.8 Patch 15. It is, therefore, affected by multiple vulnerabilites: - Privilege Escalation vulnerability in Microsoft Windows client McTray.exe in McAfee VirusScan Enterprise VSE 8.8 prior to Patch 14...

CVE-2020-7280

Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise VSE prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing...

CVE-2020-7280

Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise VSE prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing...

Privilege escalation

Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise VSE prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing...

CVE-2020-7280

CVE-2020-7280 : Privilege escalation in McAfee VirusScan Enterprise (VSE) versions prior to 8.8 Patch 15. The issue arises during daily DAT updates where an attacker can alter the target of symbolic links, enabling local users to delete or create files they normally cannot. Timing-dependent vulne...

Privilege escalation

Privilege Escalation vulnerability in McAfee VirusScan Enterprise VSE for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is...