CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-28388
https://notcve.org/view.php?id=CVE-2020-28388
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones. Se ha identificado una vulnerabilidad en Capital VSTAR (Todas las versiones), Nucleus NET (Todas las versiones anteriores a V5.2), Nucleus ReadyStart V3 (Todas las versiones anteriores a V2012.12), Nucleus Source Code (Todas las versiones), PLUSCONTROL 1st Gen (Todas las versiones). • https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-344238.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-436469.pdf • CWE-342: Predictable Exact Value from Previous Values •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-24658
https://notcve.org/view.php?id=CVE-2020-24658
Arm Compiler 5 through 5.06u6 has an error in a stack protection feature designed to help spot stack-based buffer overflows in local arrays. When this feature is enabled, a protected function writes a guard value to the stack prior to (above) any vulnerable arrays in the stack. The guard value is checked for corruption on function return; corruption leads to an error-handler call. In certain circumstances, the reference value that is compared against the guard value is itself also written to the stack (after any vulnerable arrays). The reference value is written to the stack when the function runs out of registers to use for other temporary data. • https://developer.arm.com/support/arm-security-updates/arm-compiler-5-stack-protection • CWE-770: Allocation of Resources Without Limits or Throttling CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15031
https://notcve.org/view.php?id=CVE-2017-15031
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information. En todas las versiones de ARM Trusted Firmware hasta e incluyendo la v1.4, la no inicialización del guardado/restauración del registro PMCR_EL0 puede filtrar información segura de tiempo global. • http://www.securityfocus.com/bid/106271 https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10629
https://notcve.org/view.php?id=CVE-2016-10629
nw-with-arm is a NW Installer including ARM-Build. nw-with-arm downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. nw-with-arm es un instalador de NW que incluye ARM-Build. nw-with-arm descarga recursos binarios por HTTP, lo que lo deja vulnerable a ataques MITM. Podría ser posible provocar la ejecución remota de código (RCE) cambiando el binario solicitado por otro controlado por el atacante si éste están en la red o posicionado entre el usuario y el servidor remoto. • https://nodesecurity.io/advisories/226 • CWE-310: Cryptographic Issues CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9607
https://notcve.org/view.php?id=CVE-2017-9607
The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow. El código de control BL1 FWU SMC en ARM Trusted Firmware en versiones anteriores a la 1.4 podría permitir que los atacantes escriban datos arbitrarios para asegurar la memoria, omitir el mecanismo de protección bl1_plat_mem_check, provocar una denegación de servicio o provocar cualquier otro impacto sin especificar mediante una imagen AArch32 manipulada, lo que desencadena un desbordamiento de enteros. • https://github.com/ARM-software/arm-trusted-firmware/blob/v1.4/docs/change-log.rst#new-features https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-4 • CWE-190: Integer Overflow or Wraparound •