Lucene search
K

869 matches found

OSV
OSV
added 2020/12/14 10:15 p.m.7 views

CVE-2020-0459

In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check. This could lead to local information disclosure of WiFi network names with no additional execution privileges needed. User interacti...

3.3CVSS5.9AI score0.0015EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/12/14 10:15 p.m.3 views

CVE-2020-0459

In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check. This could lead to local information disclosure of WiFi network names with no additional execution privileges needed. User interacti...

3.3CVSS5.6AI score0.0015EPSS
Exploits0References2
OSV
OSV
added 2020/10/21 7:15 p.m.5 views

CVE-2020-3549

A vulnerability in the sftunnel functionality of Cisco Firepower Management Center FMC Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation...

8.1CVSS7.3AI score0.00932EPSS
Exploits0References1
Prion
Prion
added 2020/10/21 7:15 p.m.18 views

Design/Logic Flaw

A vulnerability in the sftunnel functionality of Cisco Firepower Management Center FMC Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation...

6.8CVSS7.8AI score0.00932EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2020/10/21 6:35 p.m.26 views

CVE-2020-3549 Cisco Firepower Management Center Software and Firepower Threat Defense Software sftunnel Pass the Hash Vulnerability

A vulnerability in the sftunnel functionality of Cisco Firepower Management Center FMC Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation...

8.1CVSS7.9AI score0.00932EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2020/10/21 6:35 p.m.10 views

CVE-2020-3549 Cisco Firepower Management Center Software and Firepower Threat Defense Software sftunnel Pass the Hash Vulnerability

A vulnerability in the sftunnel functionality of Cisco Firepower Management Center FMC Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation...

8.1CVSS6.7AI score0.00932EPSS
Exploits0References1
Cisco
Cisco
added 2020/10/21 4:0 p.m.79 views

Cisco Firepower Management Center Software and Firepower Threat Defense Software sftunnel Pass the Hash Vulnerability

A vulnerability in the sftunnel functionality of Cisco Firepower Management Center FMC Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation...

8.1CVSS8.1AI score0.00932EPSS
Exploits0References1
NVD
NVD
added 2020/10/16 1:15 p.m.11 views

CVE-2019-19885

In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices before 4.2.0...

9.1CVSS0.00987EPSS
Exploits0References1
Prion
Prion
added 2020/10/16 1:15 p.m.15 views

Authorization

In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices before 4.2.0...

6.4CVSS9.1AI score0.00987EPSS
Exploits0References1Affected Software6
CVE
CVE
added 2020/10/16 12:55 p.m.40 views

CVE-2019-19885

CVE-2019-19885 affects Bender COMTRAXX devices (COM465IP, COM465DP, COM465ID, CP700, CP907, CP915) prior to version 4.2.0. Root cause: user authorization is validated for most routes but not all; a user who knows the routes can read and write configuration data without prior authorization. Impact...

9.1CVSS9AI score0.00987EPSS
Exploits0References1Affected Software1
ThreatPost
ThreatPost
added 2020/10/05 5:58 p.m.45 views

Malware Families Turn to Legit Pastebin-Like Service

Cybercriminals are increasingly turning to a legitimate, Pastebin-like web service for downloading malware — such as AgentTesla and LimeRAT — in spear-phishing attacks. Pastebin, a code-hosting service that enables users to share plain text through public posts called “pastes,” currently has 17...

7AI score
Exploits0References13
ThreatPost
ThreatPost
added 2020/07/22 4:43 p.m.293 views

Lazarus Group Surfaces with Advanced Malware Framework

The North Korea-linked APT known as Lazarus Group has debuted an advanced, multipurpose malware framework, called MATA, to target Windows, Linux and macOS operating systems. Kaspersky researchers uncovered a series of attacks utilizing MATA so-called because the malware authors themselves call...

10CVSS9.4AI score0.99913EPSS
Exploits20References12
OSV
OSV
added 2020/06/16 8:15 p.m.3 views

CVE-2020-7513

A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 Firmware version 1.5.2 and older which could allow an attacker to intercept traffic and read configuration data...

7.5CVSS7.1AI score
Exploits0References1
NVD
NVD
added 2020/06/16 8:15 p.m.18 views

CVE-2020-7513

A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 Firmware version 1.5.2 and older which could allow an attacker to intercept traffic and read configuration data...

7.5CVSS0.00815EPSS
Exploits0References1
Prion
Prion
added 2020/06/16 8:15 p.m.19 views

Design/Logic Flaw

A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 Firmware version 1.5.2 and older which could allow an attacker to intercept traffic and read configuration data...

5CVSS7.3AI score0.00815EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/06/16 7:45 p.m.24 views

CVE-2020-7513

A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 Firmware version 1.5.2 and older which could allow an attacker to intercept traffic and read configuration data...

7.4AI score0.00815EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/05/18 3:45 p.m.18 views

CVE-2020-11551

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 V2.5.1.106, Outdoor Satellite RBS50Y V2.5.1.106, and Pro Tri-Band Business WiFi Router SRR60 AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi...

9.6CVSS8.9AI score0.01651EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2020/04/30 12:0 a.m.4 views

The vulnerability of Microprogrammed Software in Modicon Controllers arises from the existence of rigidly encrypted user data, which allows a intruder to execute any command against the Modicon Controllers.

The vulnerability of Microprogrammed Software in Modicon Controllers stems from the existence of rigidly encoded configuration data used to transmit configuration files to Modicon Controllers. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on Modicon...

7.8CVSS7.7AI score0.0115EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2020/04/06 12:0 a.m.4 views

The vulnerability of the Border Gateway Protocol (BGP) implementation in the Cisco NX-OS operating system allows a attacker to compromise the integrity and accessibility of protected information.

The vulnerability of the Border Gateway Protocol BGP implementation in the Cisco NX-OS operating system is related to the use of pre-installed configuration data. Exploiting this vulnerability could allow a malicious actor to compromise the integrity and accessibility of protected information...

8.2CVSS7.5AI score0.01278EPSS
Exploits0References4
CNVD
CNVD
added 2020/03/18 12:0 a.m.0 views

Micro Focus Service Manager Information Disclosure Vulnerability (CNVD-2020-18400)

Micro Focus Service Manager is a suite of service desk software from Micro Focus UK. The software supports the deployment of a comprehensive IT service management ITSM system and standardizes management processes. A security vulnerability exists in Micro Focus Service manager. An attacker could...

5.3CVSS6.7AI score0.00862EPSS
Exploits0References1
Rows per page
Query Builder