Lucene search
K

156 matches found

OSV
OSV
added 2020/06/08 5:15 p.m.32 views

CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...

7.5CVSS6.9AI score0.15193EPSS
Exploits3References17
OSV
OSV
added 2020/06/08 5:15 p.m.4 views

DEBIAN-CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...

7.5CVSS6.5AI score0.15193EPSS
Exploits3References1
Prion
Prion
added 2020/06/08 5:15 p.m.35 views

Open redirect

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...

7.8CVSS7.4AI score0.15193EPSS
Exploits3References17Affected Software2
OSV
OSV
added 2020/06/08 5:15 p.m.2 views

UBUNTU-CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...

7.5CVSS6.7AI score0.15193EPSS
Exploits3References9
Debian CVE
Debian CVE
added 2020/06/08 4:45 p.m.27 views

CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...

7.8CVSS6.5AI score0.15193EPSS
Exploits3
ATTACKERKB
ATTACKERKB
added 2020/06/08 12:0 a.m.38 views

CVE-2020-12695 "CallStranger"

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. Recent assessments: kevthehermit at June 0...

7.8CVSS0.1AI score0.15193EPSS
Exploits3References22
OpenVAS
OpenVAS
added 2020/04/08 12:0 a.m.4 views

ZSQL: IP Address Blacklist

The IP address blacklist is configured by setting the TCPEXCLUDEDNODES parameter. After IP address whitelist/blacklist checking is enabled and the IP address blacklist is configured, the blacklisted clients cannot access the database. Such a blacklist allows for IPv4 and IPv6 addresses, as well a...

7.3AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/04/07 9:36 a.m.12 views

kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver

A vulnerability was found in the Linux kernel's Marvell WiFi chip driver. Where, while parsing vendor-specific informational attributes, an attacker on the same WiFi physical network segment could cause a system crash, resulting in a denial of service, or potentially execute arbitrary code. This...

7.8CVSS7.3AI score0.00909EPSS
Exploits1References5
NVD
NVD
added 2020/03/04 2:15 a.m.36 views

CVE-2020-5535

OpenBlocks IoT VX2 prior to Ver.4.0.0 Ver.3 Series allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors...

8.8CVSS8.9AI score0.00855EPSS
Exploits0References2
Prion
Prion
added 2020/03/04 2:15 a.m.21 views

Authentication flaw

OpenBlocks IoT VX2 prior to Ver.4.0.0 Ver.3 Series allows an attacker on the same network segment to bypass authentication and to initialize the device via unspecified vectors...

5.8CVSS8.7AI score0.00578EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2020/03/03 8:41 a.m.6 views

kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver

A vulnerability was found in the Linux kernel's Marvell WiFi chip driver. Where, while parsing vendor-specific informational attributes, an attacker on the same WiFi physical network segment could cause a system crash, resulting in a denial of service, or potentially execute arbitrary code. This...

7.8CVSS7.3AI score0.00909EPSS
Exploits1References5
NVD
NVD
added 2020/02/21 10:15 a.m.16 views

CVE-2020-5534

Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors...

8CVSS8AI score0.0087EPSS
Exploits0References2
Prion
Prion
added 2020/02/21 10:15 a.m.23 views

Design/Logic Flaw

Aterm series Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function...

8.3CVSS8.9AI score0.01019EPSS
Exploits0References3Affected Software3
Prion
Prion
added 2020/02/21 10:15 a.m.17 views

Design/Logic Flaw

Aterm series Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen...

7.7CVSS8.2AI score0.0087EPSS
Exploits0References2Affected Software3
Cvelist
Cvelist
added 2020/02/21 9:15 a.m.18 views

CVE-2020-5534

Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors...

8.1AI score0.0087EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/02/21 9:15 a.m.18 views

CVE-2020-5525

Aterm series Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen...

8.3AI score0.0087EPSS
Exploits0References2
OSV
OSV
added 2020/02/17 7:15 p.m.4 views

CVE-2019-20474

An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role read-only access to use and abuse it. One of the abuses allows performing network and port scan...

4.3CVSS5.8AI score0.01441EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/02/04 8:53 a.m.5 views

kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver

A vulnerability was found in the Linux kernel's Marvell WiFi chip driver. Where, while parsing vendor-specific informational attributes, an attacker on the same WiFi physical network segment could cause a system crash, resulting in a denial of service, or potentially execute arbitrary code. This...

7.8CVSS7.3AI score0.00909EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2019/10/10 10:3 p.m.31 views

CVE-2017-5482

Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...

9.8CVSS1.4AI score0.05504EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2019/10/10 10:3 p.m.30 views

CVE-2017-5204

Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...

9.8CVSS1.4AI score0.05997EPSS
Exploits0References1
Rows per page
Query Builder