Show filters
32 topics marked with the following tags:
Displaying 11-20 of 32
Sort by:
Attacker Value
Moderate

CVE-2019-17387

Disclosure Date: December 05, 2019 (last updated October 06, 2023)
An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS.
Attacker Value
Moderate

CVE-2023-28760

Last updated March 23, 2023
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
2
Attacker Value
Low

CVE-2019-15126 aka Kr00k

Disclosure Date: February 05, 2020 (last updated October 13, 2020)
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
Attacker Value
Very Low

CVE-2020-10263 - Smart Speaker Root Shell via internal UART

Disclosure Date: April 08, 2020 (last updated October 06, 2023)
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, (iv) eavesdrop on users and record what XIAOMI XIAOAI speaker Pro LX06 hears, (v) modify system files, (vi) use commands to send any IR code through IR emitter on XIAOMI XIAOAI Speaker Pro LX06, (vii) stop voice assistant service, (viii) enable the XIAOMI XIAOAI Speaker Pro’ SSH or TELNET service as a backdoor, (IX) tamper with the router configuration of the router in the local area networks.
Attacker Value
High

CVE-2022-21846

Disclosure Date: January 11, 2022 (last updated December 21, 2023)
Microsoft Exchange Server Remote Code Execution Vulnerability
Attacker Value
Very Low

ThunderSpy

Last updated June 02, 2020
A combination of vulnerabilities for the Thunderbolt protocol have been announced that allow a malicious actor to access most machines with a Thunderbolt port and bypass security restrictions on the device.
2
Attacker Value
Very Low

Intel CPU Memory Mapping Local Information Leak: 'Spoiler'

Disclosure Date: April 17, 2019 (last updated October 06, 2023)
Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.
Attacker Value
Moderate

CVE-2023-36745

Disclosure Date: September 12, 2023 (last updated December 14, 2023)
Microsoft Exchange Server Remote Code Execution Vulnerability
Attacker Value
High

CVE-2021-3064

Disclosure Date: November 10, 2021 (last updated October 07, 2023)
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.
Attacker Value
Very Low

CVE-2020-8862

Disclosure Date: February 22, 2020 (last updated October 06, 2023)
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from the lack of proper password checking. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-10082.