Buffer overflow
Improper buffer restrictions in the firmware of the Intel® Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access...
CVE-2020-8691
CVE-2020-8691 is a vulnerability in the firmware of Intel(R) Ethernet 700 Series Controllers. The issue is a logic flaw in the firmware that may allow a privileged user to escalate privileges and/or cause a denial of service via local access. Affected products are Intel Ethernet 700 Series Contro...
CVE-2020-8691
A logic issue in the firmware of the Intel® Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access...
CVE-2020-8690
Protection mechanism failure in Intel® Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access...
CVE-2020-8690
Intel Ethernet 700 Series Controllers prior to version 7.3 are affected by multiple CVEs (including CVE-2020-8690) due to a protection mechanism failure, firmware logic issues, and improper access control that could allow a local attacker to escalate privileges and/or cause denial of service. The...
CVE-2020-8692
Affected product: Intel® Ethernet 700 Series Controllers before version 7.3. Vulnerability: Insufficient access control in the firmware may let a privileged local user escalate privileges and cause a denial of service. Root cause: firmware-level access control weakness. Impacted versions: pri...
Intel® Ethernet 700 Series Controller Advisory
Summary: Potential security vulnerabilities in Intel® Ethernet 700 Series Controllers may allow escalation of privilege and/or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2020-8693 Description: Improper buff...
PT-2020-6348
Name of the Vulnerable Software and Affected Versions Modicon M221 all versions Modicon M100 affected versions not specified Modicon M200 affected versions not specified Description A CWE-326: Inadequate Encryption Strength issue exists that could allow an attacker to break the encryption key whe...
Microsoft Warns of Continued Exploitation of CVE-2020-1472
Microsoft has released a blog post on cyber threat actors exploiting CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. A remote attacker can exploit this vulnerability to breach unpatched Active Directory domain controllers and obtain domain administrator access. The...
Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Multicast DNS DoS (cisco-sa-mdns-dos-3tH6cA9J)
A denial of service (DoS) vulnerability exists in Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers due to improper validation of mDNS packets. An unauthenticated, remote attacker can exploit this issue, via a crafted mDNS packet to an affected device, to cause the device to...
Cisco AireOS Software for Cisco Wireless LAN Controllers (WLC) DoS (cisco-sa-iosxe-wlc-fnfv9-EvrAQpNX)
According to its self-reported version, the remote Cisco Wireless LAN Controller (WLC) device is affected by a DoS vulnerability in the Flexible NetFlow Version 9 packet processor due to insufficient validation of certain parameters in a Flexible NetFlow Version 9 record. An unauthenticated, remote...
Exploit for CVE-2020-1472
PoC exploit for CVE-2020-1472, a vulnerability in the Windows Netlogon service that allows for authentication bypass. The exploit uses the Impacket library to test the vulnerability and attempts to perform a Netlogon authentication bypass. The script will immediately terminate when successfully...
Cross-site Scripting (XSS)
hapi-fhir-testpage-overlay is vulnerable to cross-site scripting (XSS). The vulnerability exists due to the lack of sanitization of the PARAMRESOURCE value when processing requests in several controllers...
Exploit for CVE-2020-1472
Zerologon CVE-2020-1472 This script is made for bulk checkin...
Zerologon Attacks Against Microsoft DCs Snowball in a Week
A spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, known as the Zerologon bug, continues to plague businesses. That’s according to researchers from Cisco Talos, who warned that cybercriminals are redoubling their efforts to trigger the elevation-of-privilege bug i...
LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection
I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable t...
Cisco IOS and IOS XE Input Validation Error Vulnerability (CNVD-2020-70878)
Cisco IOS and IOS XE are both products of Cisco USA. The CLI is one of the command line interfaces. A security vulnerability exists in the Control and Provisioning Wireless Access Point (CAPWAP) protocol of the Cisco IOS XE software for the Cisco Catalyst 9800 series wireless controllers, which ste...
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2020-2110)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for CVE-2020-1472
ZeroLogon testing script A Python script that uses the Impack...
CVE-2020-3494
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected...