Lucene search

K

NA Security Vulnerabilities

cve
cve

CVE-2022-23005

Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in...

8.7CVSS

8.6AI Score

0.001EPSS

2023-01-23 10:15 PM
26
cve
cve

CVE-2018-17555

The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids...

7.5CVSS

7.3AI Score

0.003EPSS

2022-10-03 04:22 PM
30
cve
cve

CVE-2022-33208

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software...

8.1CVSS

7.9AI Score

0.006EPSS

2022-07-04 02:15 AM
37
8
cve
cve

CVE-2022-33971

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow...

7.5CVSS

7.5AI Score

0.001EPSS

2022-07-04 02:15 AM
43
6
cve
cve

CVE-2022-34151

Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac...

8.1CVSS

7.9AI Score

0.006EPSS

2022-07-04 02:15 AM
40
In Wild
10
cve
cve

CVE-2020-26140

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network...

6.5CVSS

6.7AI Score

0.002EPSS

2021-05-11 08:15 PM
230
10
cve
cve

CVE-2020-24587

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames...

2.6CVSS

6.2AI Score

0.001EPSS

2021-05-11 08:15 PM
344
In Wild
8
cve
cve

CVE-2020-24588

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of...

3.5CVSS

6.4AI Score

0.002EPSS

2021-05-11 08:15 PM
427
9
cve
cve

CVE-2020-26139

An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients...

5.3CVSS

6.5AI Score

0.002EPSS

2021-05-11 08:15 PM
269
5
cve
cve

CVE-2020-3258

Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an...

9.8CVSS

9.5AI Score

0.004EPSS

2020-06-03 06:15 PM
29
cve
cve

CVE-2020-3257

Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS)...

8.1CVSS

8.3AI Score

0.001EPSS

2020-06-03 06:15 PM
28
cve
cve

CVE-2020-3138

A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by...

6.7CVSS

6.4AI Score

0.0004EPSS

2020-02-19 08:15 PM
37
cve
cve

CVE-2015-7291

Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to hijack the authentication of arbitrary...

7.7AI Score

0.001EPSS

2015-11-21 11:59 AM
25
cve
cve

CVE-2015-7290

Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to inject arbitrary web script or HTML via the pwd...

6.1AI Score

0.005EPSS

2015-11-21 11:59 AM
22
cve
cve

CVE-2015-7289

Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have a hardcoded administrator password derived from a serial number, which makes it easier for remote attackers to obtain access via the web management interface, SSH, TELNET, or...

7.2AI Score

0.004EPSS

2015-11-21 11:59 AM
32
cve
cve

CVE-2009-5149

Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day"...

7AI Score

0.014EPSS

2015-11-21 11:59 AM
25