| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but
due to the change that was implemented in commit
“7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the
problem of the config partition not being measured correctly.
Also, the “vault” key is sealed/unsealed with SHA1 PCRs instead of
SHA256.
This issue was somewhat mitigated due to all of the PCR extend functions
updating both the values of SHA256 and SHA1 for a given PCR ID.
However, due to the change that was implemented in commit
“7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, this is no longer the case for PCR14, as
the code in “measurefs.go” explicitly updates only the SHA256 instance of PCR14, which
means that even if PCR14 were to be added to the list of PCRs sealing/unsealing the “vault”
key, changes to the config partition would still not be measured.
An attacker could modify the config partition without triggering the measured boot, this could
result in the attacker gaining full control over the device with full access to the contents of the
encrypted “vault”
|
| Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information such as system files by sending a specially crafted request. They are affected when running in ST(Standalone) mode. |
| CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Designer is installed may be disclosed. |
| A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All versions < V5.4.0), Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.3), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.3), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.4.0). Applications using the affected module are vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users. |
| An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments. |
| An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver. |
| An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file. |
| An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local IP addresses in cleartext via an ips? message. |
| An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name. |
| An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction. |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions. |
|
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
|
| Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
|
| Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. |
| Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access. |
| Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access. |
| Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access. |
| A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
