Attacker Value
High

CVE-2019-5021

Disclosure Date: May 08, 2019 (last updated February 13, 2020)
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.
0
Attacker Value
Moderate

CVE-2017-6529

Disclosure Date: March 09, 2017 (last updated March 10, 2020)
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.
Attack Vector: Network
0
Attacker Value
Very High

CVE-2020-10977

Disclosure Date: April 08, 2020 (last updated April 10, 2020)
GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects.
Attack Vector: Local
0
Attacker Value
Moderate

CVE-2019-19193

Disclosure Date: February 10, 2020 (last updated March 10, 2020)
The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.
Attack Vector: Adjacent Network
0
Attacker Value
High

CVE-2020-1985

Disclosure Date: April 08, 2020 (last updated April 11, 2020)
Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions of Secdo for Windows.
Attack Vector: Local
0
Attacker Value
High

CVE-2020-1984

Disclosure Date: April 08, 2020 (last updated April 11, 2020)
Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows.
Attack Vector: Local
0
Attacker Value
Very High

CVE-2020-8899 Samsung Quram RCE via MMS

Disclosure Date: May 06, 2020 (last updated May 15, 2020)
There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747.
Attack Vector: Network
Utility Class: File Access
2
Attacker Value
Moderate

CVE-2019-17520

Disclosure Date: February 10, 2020 (last updated March 10, 2020)
The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets.
Attack Vector: Adjacent Network
0
Attacker Value
Moderate

CVE-2019-17061

Disclosure Date: February 10, 2020 (last updated April 14, 2020)
The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame.
Attack Vector: Adjacent Network
0
Attacker Value
Low

CVE-2020-1986

Disclosure Date: April 08, 2020 (last updated April 11, 2020)
Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. This issue affects all versions of Secdo for Windows.
Attack Vector: Local
0