Show filters
32 topics marked with the following tags:
Displaying 1-10 of 32
Sort by:
Attacker Value
Very Low

CVE-2020-8597 rhostname buffer overflow in pppd

Disclosure Date: February 03, 2020 (last updated June 10, 2020)
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
Attacker Value
Very Low

CVE-2020-6842

Disclosure Date: February 21, 2020 (last updated October 06, 2023)
D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name.
Attacker Value
High

CVE-2020-8864

Disclosure Date: March 23, 2020 (last updated October 06, 2023)
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of empty passwords. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9471.
Attacker Value
Very High

CVE-2020-9463

Disclosure Date: February 28, 2020 (last updated October 06, 2023)
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.
Attacker Value
Very High

CVE-2023-28489

Disclosure Date: April 11, 2023 (last updated October 08, 2023)
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Affected devices are vulnerable to command injection via the web server port 443/tcp, if the parameter “Remote Operation” is enabled. The parameter is disabled by default. The vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution on the device.
Attacker Value
Very Low

CVE-2020-9371

Disclosure Date: March 04, 2020 (last updated October 06, 2023)
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
Attacker Value
High

CVE-2023-41724

Disclosure Date: March 31, 2024 (last updated April 02, 2024)
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
Attacker Value
High

CVE-2019-17388

Disclosure Date: March 28, 2019 (last updated October 06, 2023)
Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications.
Attacker Value
Very Low

CVE-2021-3655

Disclosure Date: August 05, 2021 (last updated October 07, 2023)
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
Attacker Value
Low

CVE-2020-6841

Disclosure Date: February 21, 2020 (last updated October 06, 2023)
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter.