7 matches found
CVE-2006-2707
The CVE-2006-2707 entry affects the Secure Elements Class 5 AVR server (aka C5 EVM) prior to version 2.8.1. The root cause is that the server does not validate the peer certificate when obtaining updates, which could allow remote attackers to distribute malicious updates to clients. The available...
CVE-2006-2710
Summary: CVE-2006-2710 affects Secure Elements Class 5 AVR (C5 EVM) before 2.8.1. Root cause: same invariant RSA key used across all installations, permitting remote attackers with the key to decrypt communications. Impact: confidentiality of communications is compromised; integrity/availability ...
CVE-2006-2711
CVE-2006-2711 affects Secure Elements Class 5 AVR (C5 EVM) version 2.8.1 and earlier (and possibly later 2.8.x), where the same initialization vector (IV) and key are reused for each message session. This is the underlying root cause stated in the CVE description, enabling remote attackers over a...
CVE-2006-2706
CVE-2006-2706 affects the Secure Elements Class 5 AVR server (aka C5 EVM) prior to version 2.8.1. The issue allows remote attackers to trigger a denial of service by sending forged "session start" messages that cause the AVR server to connect to arbitrary hosts. The vulnerability description in t...
CVE-2006-2709
CVE-2006-2709 affects Secure Elements Class 5 AVR (aka C5 EVM ) before version 2.8.1. The issue: messages’ source address is not validated, enabling a remote attacker to execute arbitrary code on a client or forge messages to the server . The connected documents provide the product and impact det...
CVE-2006-2712
The CVE affects Secure Elements Class 5 AVR (C5 EVM) client and server prior to version 2.8.1. Root cause: lack of verification of the message digest integrity, enabling remote attackers to modify and replay messages. Exploitation stated as remote over a network; no further exploit details or fix...
CVE-2006-2708
CVE-2006-2708 affects Secure Elements Class 5 AVR client (C5 EVM) prior to version 2.8.1. Affected component: EM_GET_CE_PARAMETER and EM_SET_CE_PARAMETER message handling. Root cause: remote attackers can alter the size parameter, causing a buffer over-read/read of process memory. Impact (per sou...