7 matches found
CVE-2006-2704
CVE-2006-2704 affects Secure Elements Class 5 AVR server and client (C5 EVM) prior to version 2.8.1. The issue is that messages are sent in cleartext, allowing remote attackers to read sensitive vulnerability information. The connected documents do not provide exploit details, affected product va...
CVE-2006-2713
CVE-2006-2713 affects Secure Elements Class 5 AVR client (aka C5 EVM) prior to version 2.8.1. The vulnerability stems from generating predictable CEIDs, allowing a remote attacker to determine the CEID of a protected asset. This information could be leveraged in subsequent attacks against AVR. Th...
CVE-2006-2717
Affected software: Secure Elements Class 5 AVR client and server (C5 EVM) prior to 2.8.1. Vulnerability: authenticated attackers can overwrite arbitrary files (1) on a server during an update, or (2) on a client via modified pathnames, likely due to a directory traversal issue. Impact: potential ...
CVE-2006-2714
The CVE-2006-2714 issue is in Secure Elements Class 5 AVR client (aka C5 EVM) before version 2.8.1. The product does not validate the CEID of incoming messages, which can allow a remote attacker to send messages to a protected asset without knowing the proper CEID. Affected software: C5 EVM clien...
CVE-2006-2716
CVE-2006-2716 affects the Secure Elements Class 5 AVR server (aka C5 EVM) prior to version 2.8.1. The vulnerability stems from a hard-coded user ID and password, which enables remote attackers to gain access to the server. The connected sources confirm the affected component and root cause as har...
CVE-2006-2715
CVE-2006-2715 affects the Administration Console of Secure Elements Class 5 AVR (C5 EVM) prior to version 2.8.1. Root cause: access control is not enforced, enabling remote attackers to gain console access to servers. Impact is partial confidentiality/integrity/availability. Remediation: upgrade ...
CVE-2006-2705
CVE-2006-2705 affects Secure Elements Class 5 AVR server (aka C5 EVM) prior to version 2.8.1. The vulnerability allows remote attackers to cause an unspecified denial of service through a flood of forged client registration messages. Connected documents do not add concrete technical details (affe...