Show filters

Showing topics marked with the following tags:

(11-20 of 50)

Sort by:
Attacker Value
Moderate

CVE-2019-1169

Disclosure Date: August 14, 2019 (last updated July 24, 2020)
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
Attacker Value
Low

Ripple20 Treck TCP/IP Stack Vulnerabilities

Last updated June 18, 2020
Treck IP stack implementations for embedded systems are [affected by multiple vulnerabilities](https://kb.cert.org/vuls/id/257161). This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20. A [summary of JSOF’s research is here](https://www.jsof-tech.com/ripple20/#ripple-whitepaper), along with a [technical whitepaper](https://www.jsof-tech.com/wp-content/uploads/2020/06/JSOF_Ripple20_Technical_Whitepaper_June20.pdf). See the [Rapid7 Analysis tab](https://attackerkb.com/topics/EZhbaWNnwV/ripple20-treck-tcp-ip-stack-vulnerabilities?#rapid7-analysis) for further details.
7
Attacker Value
Moderate

CVE-2020-0787 Windows BITS Privesc

Disclosure Date: March 12, 2020 (last updated July 30, 2020)
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
Attacker Value
High

CVE-2019-7244

Disclosure Date: March 25, 2020 (last updated June 05, 2020)
An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x80112084 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.
Attacker Value
Very Low

Unknown iOS Mail.App RCE ZecOps

Last updated May 13, 2020
To quote the Reuters report: "To execute the hack, Avraham said victims would be sent an apparently blank email message through the Mail app forcing a crash and reset. The crash opened the door for hackers to steal other data on the device, such as photos and contact details." So, it sounds like a font or other kind of render thing in Mail.App. No clicks required other than opening the email.
2
Attacker Value
Very Low

CVE-2020-1425 - Windows Codecs Library RCE

Last updated July 03, 2020
A remote code execution in Windows Codecs Library has been fixed by Microsoft with out-of-band patch on 30th June 2020. The vulnerability allows attacker to remotely execute arbitrary code, if the victim opens maliciously crafted media file.
4
Attacker Value
Moderate

CVE-2020-5929

Disclosure Date: September 25, 2020 (last updated October 09, 2020)
In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability.
Attacker Value
Very High

CVE-2012-0002

Disclosure Date: March 13, 2012 (last updated July 30, 2020)
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
0
Attacker Value
Very Low

CVE-2018-19131

Disclosure Date: November 09, 2018 (last updated June 05, 2020)
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
Attacker Value
Very High

CVE-2020-15858

Disclosure Date: August 21, 2020 (last updated September 04, 2020)
Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for customer Java applications, TLS and OTAP (Java over-the-air-provisioning) functionality. The affected products and releases are: BGS5 up to and including SW RN 02.000 / ARN 01.001.06 EHSx and PDSx up to and including SW RN 04.003 / ARN 01.000.04 ELS61 up to and including SW RN 02.002 / ARN 01.000.04 ELS81 up to and including SW RN 05.002 / ARN 01.000.04 PLS62 up to and including SW RN 02.000 / ARN 01.000.04