Show filters

Showing topics marked with the following tags:

(1-10 of 17)

Sort by:
Attacker Value
Very Low

CVE-2020-6842

Disclosure Date: February 21, 2020 (last updated June 05, 2020)
D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name.
Attack Vector: Network Privileges: High User Interaction: None
0
Attacker Value
High

CVE-2020-8864

Disclosure Date: March 23, 2020 (last updated July 24, 2020)
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of empty passwords. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9471.
Attack Vector: Adjacent Network Privileges: None User Interaction: None
0
Attacker Value
Very Low

CVE-2020-8597 rhostname buffer overflow in pppd

Disclosure Date: February 03, 2020 (last updated June 10, 2020)
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
Attack Vector: Network Privileges: None User Interaction: None
1
Attacker Value
Very High

CVE-2020-9463

Disclosure Date: February 28, 2020 (last updated June 05, 2020)
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.
Attack Vector: Network Privileges: Low User Interaction: None
0
Attacker Value
High

CVE-2019-17388

Disclosure Date: March 28, 2019 (last updated June 05, 2020)
Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications.
Attack Vector: Local Privileges: Low User Interaction: None
0
Attacker Value
Moderate

CVE-2019-17387

Disclosure Date: December 05, 2019 (last updated June 05, 2020)
An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS.
Attack Vector: Local Privileges: Low User Interaction: None
0
Attacker Value
Very Low

CVE-2020-9371

Disclosure Date: March 04, 2020 (last updated June 05, 2020)
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
Attack Vector: Network Privileges: High User Interaction: Required
0
Attacker Value
Very Low

Intel CPU Memory Mapping Local Information Leak: 'Spoiler'

Disclosure Date: April 17, 2019 (last updated July 24, 2020)
Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.
Attack Vector: Local Privileges: Low User Interaction: None
0
Attacker Value
Low

Ripple20 Treck TCP/IP Stack Vulnerabilities

Last updated June 18, 2020
Treck IP stack implementations for embedded systems are [affected by multiple vulnerabilities](https://kb.cert.org/vuls/id/257161). This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20. A [summary of JSOF’s research is here](https://www.jsof-tech.com/ripple20/#ripple-whitepaper), along with a [technical whitepaper](https://www.jsof-tech.com/wp-content/uploads/2020/06/JSOF_Ripple20_Technical_Whitepaper_June20.pdf). See the [Rapid7 Analysis tab](https://attackerkb.com/topics/EZhbaWNnwV/ripple20-treck-tcp-ip-stack-vulnerabilities?#rapid7-analysis) for further details.
7
Attacker Value
Low

CVE-2020-6841

Disclosure Date: February 21, 2020 (last updated June 05, 2020)
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter.
Attack Vector: Network Privileges: None User Interaction: None
0