Showing topics marked with the following tags:

(10 of 32)

Attacker Value
Very Low

Unknown iOS Mail.App RCE ZecOps

Last updated May 13, 2020
To quote the Reuters report: "To execute the hack, Avraham said victims would be sent an apparently blank email message through the Mail app forcing a crash and reset. The crash opened the door for hackers to steal other data on the device, such as photos and contact details." So, it sounds like a font or other kind of render thing in Mail.App. No clicks required other than opening the email.
Utility Class: RCE
2
Attacker Value
High

CVE-2020-8616: NXNSAttack: Recursive DNS Inefficiencies and Vulnerabilities

Disclosure Date: May 19, 2020 (last updated June 01, 2020)
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: the performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and the attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.
Attack Vector: Network
Utility Class: Other
1
Attacker Value
Moderate

CVE-2019-19193

Disclosure Date: February 10, 2020 (last updated March 10, 2020)
The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.
Attack Vector: Adjacent Network
0
Attacker Value
Very Low

CVE-2020-5308

Disclosure Date: January 07, 2020 (last updated March 10, 2020)
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php.
Attack Vector: Network
0
Attacker Value
Very Low

CVE-2018-19131

Disclosure Date: November 09, 2018 (last updated March 10, 2020)
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
Attack Vector: Network
0
Attacker Value
Very Low

CVE-2009-2936

Disclosure Date: April 05, 2010 (last updated June 02, 2020)
** DISPUTED ** The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless."
0
Attacker Value
Moderate

CVE-2019-17520

Disclosure Date: February 10, 2020 (last updated March 10, 2020)
The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets.
Attack Vector: Adjacent Network
0
Attacker Value
Moderate

CVE-2019-17061

Disclosure Date: February 10, 2020 (last updated April 14, 2020)
The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame.
Attack Vector: Adjacent Network
0
Attacker Value
Low

CVE-2020-1986

Disclosure Date: April 08, 2020 (last updated April 11, 2020)
Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. This issue affects all versions of Secdo for Windows.
Attack Vector: Local
0
Attacker Value
Moderate

CVE-2019-17517

Disclosure Date: February 10, 2020 (last updated March 10, 2020)
The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 5.0.4 for DA14580/1/2/3 devices does not properly restrict the L2CAP payload length, allowing attackers in radio range to cause a buffer overflow via a crafted Link Layer packet.
Attack Vector: Adjacent Network
0