Topics

Sort by:
Attacker Value
Very Low

Windows 10 NTFS $i30 File Corruption

Last updated January 15, 2021
Windows 10 v1803 and later are vulnerable to NTFS file corruption when accessing a specially designed path containing the $i30 string, more specifically known as the Windows NTFS Index Attribute string as described at https://www.osforensics.com/faqs-and-tutorials/how-to-scan-ntfs-i30-entries-deleted-files.html. Attackers can remotely exploit this vulnerability to make Windows think a drive is corrupted even though it is not. Successfully resolving this issue will require users to reboot Windows and run a disk check on the corrupted drive, after which Windows will be convinced that the drive is no longer corrupted.
1
Attacker Value
Moderate

CVE-2020-28948

Disclosure Date: November 19, 2020 (last updated December 03, 2020)
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
Attacker Value
Very High

CVE-2020-16875

Disclosure Date: September 11, 2020 (last updated January 15, 2021)
A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user, aka 'Microsoft Exchange Server Remote Code Execution Vulnerability'. **Note:** As of January 12, 2021, the patch for CVE-2020-16875 has been bypassed twice. See [CVE-2020-17132](https://attackerkb.com/topics/sfBIO5A6Cl/cve-2020-17132#rapid7-analysis) for details.
Attacker Value
High

CVE-2021-1647 Microsoft Windows Defender Zero-Day Vulnerability

Disclosure Date: January 12, 2021 (last updated January 16, 2021)
CVE-2021-1647 is a zero-day remote code execution vulnerability in the Malware Protection Engine component (mpengine.dll) of Microsoft's Defender anti-virus product. It was published as part of the January 2021 Patch Tuesday release, along with a disclosure from Microsoft acknowledging that the vulnerability had been exploited in the wild. More information: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1647
Attacker Value
Low

CVE-2020-0986

Disclosure Date: June 09, 2020 (last updated July 24, 2020)
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.
Attacker Value
Very High

CVE-2020-10148 SolarWinds Orion API authentication bypass and RCE

Disclosure Date: December 29, 2020 (last updated January 04, 2021)
The SolarWinds Orion API is vulnerable to authentication bypass that could allow a remote attacker to execute API commands. This API is a central part of the Orion platform with highly privileged access to all Orion platform components. API authentication can be bypassed by including specific parameters in the `Request.PathInfo` portion of a URI request, which could allow an attacker to execute unauthenticated API commands. In particular, if an attacker appends a `PathInfo` parameter of WebResource.adx, ScriptResource.adx, i18n.ashx, or Skipi18n to a request to a SolarWinds Orion server, SolarWinds may set the `SkipAuthorization` flag, which may allow the API request to be processed without requiring authentication. Patches are available and as of 2020-12-24 organizations should be on one of the following versions to mitigate this weakness: - 2019.4 HF 6 (released December 14, 2020) - 2020.2.1 HF 2 (released December 15, 2020) - 2019.2 SUPERNOVA Patch (released December 23, 2020) - 2018.4 SUPERNOVA Patch (released December 23, 2020) - 2018.2 SUPERNOVA Patch (released December 23, 2020) Please see the following resources for more information: https://www.kb.cert.org/vuls/id/843464 https://www.solarwinds.com/securityadvisory#anchor2
Attacker Value
Very High

CVE-2020-29583 Zyxel USG Hard-Coded Admin Creds

Disclosure Date: December 22, 2020 (last updated January 16, 2021)
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges. https://nvd.nist.gov/vuln/detail/CVE-2020-29583
Attacker Value
Very High

CVE-2020-15505

Disclosure Date: July 07, 2020 (last updated January 06, 2021)
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.
Attacker Value
Very High

CVE-2020-15506

Disclosure Date: July 07, 2020 (last updated September 18, 2020)
An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors.
Attacker Value
Moderate

CVE-2020-15900

Disclosure Date: July 28, 2020 (last updated August 30, 2020)
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.