Show filters
32 topics marked with the following tags:
Displaying 11-20 of 32
Sort by:
Attacker Value
Moderate
CVE-2019-17387
Disclosure Date: December 05, 2019 (last updated October 06, 2023)
An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS.
0
Attacker Value
Very Low
Intel CPU Memory Mapping Local Information Leak: 'Spoiler'
Disclosure Date: April 17, 2019 (last updated October 06, 2023)
Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.
0
Attacker Value
Moderate
CVE-2023-28760
Last updated March 23, 2023
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
3
Attacker Value
Very Low
CVE-2020-10263 - Smart Speaker Root Shell via internal UART
Disclosure Date: April 08, 2020 (last updated October 06, 2023)
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, (iv) eavesdrop on users and record what XIAOMI XIAOAI speaker Pro LX06 hears, (v) modify system files, (vi) use commands to send any IR code through IR emitter on XIAOMI XIAOAI Speaker Pro LX06, (vii) stop voice assistant service, (viii) enable the XIAOMI XIAOAI Speaker Pro’ SSH or TELNET service as a backdoor, (IX) tamper with the router configuration of the router in the local area networks.
1
Attacker Value
Low
CVE-2019-15126 aka Kr00k
Disclosure Date: February 05, 2020 (last updated October 13, 2020)
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
0
Attacker Value
High
CVE-2022-21846
Disclosure Date: January 11, 2022 (last updated December 21, 2023)
Microsoft Exchange Server Remote Code Execution Vulnerability
1
Attacker Value
Very Low
ThunderSpy
Last updated June 02, 2020
A combination of vulnerabilities for the Thunderbolt protocol have been announced that allow a malicious actor to access most machines with a Thunderbolt port and bypass security restrictions on the device.
3
Attacker Value
Moderate
CVE-2021-22947
Disclosure Date: September 29, 2021 (last updated March 28, 2024)
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.
1
Attacker Value
High
CVE-2021-3064
Disclosure Date: November 10, 2021 (last updated October 07, 2023)
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.
5
Attacker Value
High
CVE-2018-15919
Disclosure Date: August 28, 2018 (last updated October 06, 2023)
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'
3