Lucene search
K

3702 matches found

CERT
CERT
added 2022/02/01 12:0 a.m.123 views

InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM

Overview The InsydeH2O Hardware-2-Operating System H2O UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode SMM. Description UEFI software provides an extensible interface between an operating system and platform firmware. UEFI software uses a...

8.2CVSS8.5AI score0.00448EPSS
Exploits1References5
CERT
CERT
added 2022/01/31 12:0 a.m.106 views

Samba vfs_fruit module insecurely handles extended file attributes

Overview The Samba vfsfruit module allows out-of-bounds heap read and write via extended file attributes CVE-2021-44142. This vulnerability allows a remote attacker to execute arbitrary code with root privileges. Description The Samba vfsfruit module uses extended file attributes EA, xattr to...

9CVSS8.8AI score0.7372EPSS
Exploits1References5
CERT
CERT
added 2022/01/20 12:0 a.m.35 views

McAfee Agent for Windows is vulnerable to privilege escalation due to OPENSSLDIR location

Overview McAfee Agent contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files. Description CVE-2022-0166 McAfee Agent, which comes with various McAfee products such as McAfee...

7.8CVSS7.9AI score0.02969EPSS
Exploits0References2
CERT
CERT
added 2022/01/07 12:0 a.m.61 views

Silicon Labs Z-Wave chipsets contain multiple vulnerabilities

Overview Various Silicon Labs Z-Wave chipsets do not support encryption, can be downgraded to not use weaker encryption, and are vulnerable to denial of service. Some of these vulnerabilities are inherent in Z-Wave protocol specifications. Description Z-Wave devices based on Silicon Labs chipsets...

8.8CVSS7.3AI score0.00846EPSS
Exploits0References5
CERT
CERT
added 2021/12/22 12:0 a.m.11 views

Saviynt Enterprise Identity Cloud vulnerable to local user enumeration and authentication bypass

Overview Saviynt Enterprise Identity Cloud contains user enumeration and authentication bypass vulnerabilities in the local password reset feature. Together, these vulnerabilities could allow a remote, unauthenticated attacker to gain administrative privileges if an SSO solution is not configured...

7.9AI score
Exploits0
CERT
CERT
added 2021/12/15 12:0 a.m.1218 views

Apache Log4j allows insecure JNDI lookups

Overview Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j. CISA has published Apache Log4j Vulnerability Guidance and provides a Software List. Description Th...

10CVSS10AI score0.99999EPSS
Exploits355References22
CERT
CERT
added 2021/11/09 12:0 a.m.82 views

Compilers permit Unicode control and homoglyph characters

Overview Attacks that allow for unintended control of Unicode and homoglyphic characters, described by the researchers in this report leverage text encoding that may cause source code to be interpreted differently by a compiler than it appears visually to a human reviewer. Source code compilers,...

8.3CVSS8.5AI score0.12205EPSS
Exploits5References1
CERT
CERT
added 2021/10/04 12:0 a.m.13 views

Salesforce DX command line interface (CLI) does not adequately protect sfdxurl credentials

Overview The default security configuration in Salesforce allows an authenticated user with the Salesforce-CLI to create URL that will allow anyone, anywhere access to the Salesforce GUI with the same administrative credentials without a log trace of access or usage of the API. Description The...

6.4AI score
Exploits0References13
CERT
CERT
added 2021/08/10 12:0 a.m.75 views

NicheStack embedded TCP/IP has vulnerabilities

Overview HCC Embedded's software called InterNiche stack NicheStack and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as...

9.8CVSS8.7AI score0.03627EPSS
Exploits0References5
CERT
CERT
added 2021/08/06 12:0 a.m.201 views

HTTP Request Smuggling in Web Proxies

Overview HTTP web proxies and web accelerators that support HTTP/2 for an HTTP/1.1 backend webserver are vulnerable to HTTP Request Smuggling. Description The affected systems allow invalid characters such as carriage return and newline characters in HTTP/2 headers. When an attacker passes these...

7.1AI score
Exploits0References4
CERT
CERT
added 2021/08/02 12:0 a.m.735 views

Microsoft Windows Active Directory Certificate Services can allow for AD compromise via PetitPotam NTLM relay attacks

Overview Microsoft Windows Active Directory Certificate Services AD CS by default can be used as a target for NTLM relay attacks, which can allow a domain-joined computer to take over the entire Active Directory. Description PetitPotam is a tool to force Windows hosts to authenticate to other...

7.5CVSS7.4AI score0.66023EPSS
Exploits4References10
CERT
CERT
added 2021/07/20 12:0 a.m.97 views

Arcadyan-based routers and modems vulnerable to authentication bypass

Overview A path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration. Description The...

9.8CVSS8.3AI score0.99983EPSS
Exploits5References4
CERT
CERT
added 2021/07/20 12:0 a.m.482 views

Microsoft Windows 10 gives unprivileged user access to system32\config files

Overview Multiple versions of Windows 10 grant non-administrative users read access to files in the %windir%\system32\config directory. This can allow for local privilege escalation LPE. Description With multiple versions of Windows 10, the BUILTIN\Users group is given RX permissions to files in...

7.8CVSS7.9AI score0.67252EPSS
Exploits11References7
CERT
CERT
added 2021/07/18 12:0 a.m.624 views

Microsoft Windows Print Spooler Point and Print allows installation of arbitrary queue-specific files

Overview Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print. Printers installed via this technique also install queue-specific files, which can be arbitrary libraries to be loaded by the privileged Windows Print Spooler process. Description...

9.3CVSS8.6AI score0.86132EPSS
Exploits63References7
CERT
CERT
added 2021/06/30 12:0 a.m.717 views

Microsoft Windows Print Spooler allows for RCE via AddPrinterDriverEx()

Overview The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system. Description The...

9.3CVSS8.8AI score0.99759EPSS
Exploits75References11
CERT
CERT
added 2021/05/25 12:0 a.m.42 views

Checkbox Survey insecurely deserializes ASP.NET View State data

Overview Checkbox Survey prior to version 7.0 insecurely deserializes ASP.NET View State data, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable server. Description CVE-2021-27852 Checkbox Survey insecurely deserializes ASP.NET View State data. Checkbox...

9.8CVSS9.8AI score0.31946EPSS
Exploits0References4
CERT
CERT
added 2021/05/24 12:0 a.m.78 views

Pulse Connect Secure Samba buffer overflow

Overview Pulse Connect Secure PCS gateway contains a buffer overflow vulnerability in Samba-related code that may allow an authenticated remote attacker to execute arbitrary code. Description CVE-2021-22908 PCS includes the ability to connect to Windows file shares SMB. This capability is provide...

9CVSS8.9AI score0.69377EPSS
Exploits0References2
CERT
CERT
added 2021/05/24 12:0 a.m.68 views

Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure

Overview Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing. Description The Bluetooth Core Specification and Mesh Profile Specification are t...

8.8CVSS7.3AI score0.00907EPSS
Exploits1References12
CERT
CERT
added 2021/04/20 12:0 a.m.49 views

MySQL for Windows is vulnerable to privilege escalation due to OPENSSLDIR location

Overview MySQL for Windows contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create files. Description CVE-2021-2307 MySQL includes an OpenSSL component that specifies an OPENSSLDIR variable as a...

6.1CVSS7AI score0.01013EPSS
Exploits0References1
CERT
CERT
added 2021/04/20 12:0 a.m.296 views

Pulse Connect Secure contains a use-after-free vulnerability

Overview Pulse Connect Secure PCS gateway contains a use-after-free vulnerability that can allow an unauthenticated remote attacker to execute arbitrary code. Description CVE-2021-22893 A use-after-free vulnerability that can be reached via a license server handling endpoint may allow a remote,...

10CVSS9.8AI score0.47172EPSS
Exploits9References4
CERT
CERT
added 2021/02/18 12:0 a.m.39 views

Atlassian Bitbucket on Windows is vulnerable to privilege escalation due to weak ACLs

Overview Atlassian Bitbucket on Windows fails to properly set ACLs, which can allow an unprivileged Windows user to run arbitrary code with SYSTEM privileges. Description The Atlassian Bitbucket Windows installer fails to set a secure access-control list ACL on the default installation directory,...

7.8CVSS7.8AI score0.00265EPSS
Exploits0References1
CERT
CERT
added 2021/02/09 12:0 a.m.35 views

Siemens Totally Integrated Automation Portal vulnerable to privilege escalation due to Node.js paths

Overview Siemens Totally Integrated Administrator TIA fails to properly set the module search path to be used by a privileged Node.js component, which can allow an unprivileged Windows user to run arbitrary code with SYSTEM privileges. The PCS neo administration console is reported to be affected...

7.8CVSS7.7AI score0.00862EPSS
Exploits0References2
CERT
CERT
added 2021/02/04 12:0 a.m.130 views

Sudo set_cmd() is vulnerable to heap-based buffer overflow

Overview A heap-based overflow has been discovered in the setcmd function in sudo, which may allow a local attacker to execute commands with elevated administrator privileges. Description From the Sudo Main Page: Sudo su "do" allows a system administrator to delegate authority to give certain use...

7.8CVSS8.2AI score0.99295EPSS
Exploits81References3
CERT
CERT
added 2021/02/01 12:0 a.m.31 views

Adobe ColdFusion is vulnerable to privilege escalation due to weak ACLs

Overview Adobe ColdFusion fails to properly set ACLs, which can allow an unprivileged Windows user to be able to run arbitrary code with SYSTEM privileges. Description The Adobe ColdFusion installer fails to set a secure access-control list ACL on the default installation directory, such as...

7.8CVSS7.8AI score0.00501EPSS
Exploits0References4
CERT
CERT
added 2021/01/19 12:0 a.m.191 views

Dnsmasq is vulnerable to memory corruption and cache poisoning

Overview Dnsmasq is vulnerable to a set of memory corruption issues handling DNSSEC data and a second set of issues validating DNS responses. These vulnerabilities could allow an attacker to corrupt memory on a vulnerable system and perform cache poisoning attacks against a vulnerable environment...

8.3CVSS8.6AI score0.86692EPSS
Exploits2References7
CERT
CERT
added 2020/12/26 12:0 a.m.208 views

SolarWinds Orion API authentication bypass allows remote command execution

Overview The SolarWinds Orion API is vulnerable to authentication bypass that could allow a remote attacker to execute API commands. Description The SolarWinds Orion Platform is a suite of infrastructure and system monitoring and management products. The SolarWinds Orion API is embedded into the...

9.8CVSS10AI score0.9198EPSS
Exploits3References6
CERT
CERT
added 2020/12/23 12:0 a.m.156 views

Veritas Backup Exec is vulnerable to privilege escalation due to OPENSSLDIR location

Overview Veritas Backup Exec contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create files. Description CVE-2019-1552 Veritas Backup Exec includes an OpenSSL component that specifies an OPENSSLD...

9.3CVSS6.3AI score0.00678EPSS
Exploits0References3
CERT
CERT
added 2020/12/08 12:0 a.m.164 views

Embedded TCP/IP stacks have memory corruption vulnerabilities

Overview Multiple open-source embedded TCP/IP stacks, commonly used in Internet of Things IoT and embedded devices, have several vulnerabilities stemming from improper memory management. These vulnerabilities are also tracked as ICS-VU-633937 and JVNVU96491057 as well as the name AMNESIA:33...

9.8CVSS8.5AI score0.52259EPSS
Exploits0References5
CERT
CERT
added 2020/11/23 12:0 a.m.53 views

VMware Workspace ONE Access and related components are vulnerable to command injection

Overview VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector are vulnerable to command injection in the administrative configurator. This could allow a remote attacker to execute commands with unrestricted privileges on the underlying operating system...

9.1CVSS9.7AI score0.23771EPSS
Exploits0References3
CERT
CERT
added 2020/11/10 12:0 a.m.56 views

Replay Protected Memory Block (RPMB) protocol does not adequately defend against replay attacks

Overview The Replay Protected Memory Block RPMB protocol found in several storage specifications does not securely protect against replay attacks. An attacker with physical access can deceive a trusted component about the status of an RPBM write command or the content of an RPMB area. Description...

6.8CVSS6.7AI score0.004EPSS
Exploits0References4
CERT
CERT
added 2020/10/26 12:0 a.m.32 views

Macrium Reflect is vulnerable to privilege escalation due to OPENSSLDIR location

Overview Macrium Reflect contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create files. Description CVE-2020-10143 Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR...

7.8CVSS8.1AI score0.00592EPSS
Exploits0References1
CERT
CERT
added 2020/10/22 12:0 a.m.52 views

Chocolatey Boxstarter is vulnerable to privilege escalation due to weak ACLs

Overview Chocolatey Boxstarter fails to properly set ACLs, which can allow an unprivileged Windows user to be able to run arbitrary code with SYSTEM privileges. Description CVE-2020-15264 The Chocolatey Boxstarter installer fails to set a secure access-control list ACL on the...

8CVSS8.2AI score0.01487EPSS
Exploits0References2
CERT
CERT
added 2020/10/12 12:0 a.m.88 views

Acronis backup software contains multiple privilege escalation vulnerabilities

Overview Acronis True Image, Cyber Backup, and Cyber Protection all contain privilege escalation vulnerabilities, which can allow an unprivileged Windows user to be able to run arbitrary code with SYSTEM privileges. Description CVE-2020-10138 Acronis Cyber Backup 12.5 and Cyber Protect 15 include...

7.8CVSS7.8AI score0.00498EPSS
Exploits0References4
CERT
CERT
added 2020/09/16 12:0 a.m.1145 views

Microsoft Windows Netlogon Remote Protocol (MS-NRPC) uses insecure AES-CFB8 initialization vector

Overview The Microsoft Windows Netlogon Remote Protocol MS-NRPC reuses a known, static, zero-value initialization vector IV in AES-CFB8 mode. This allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and potentially obtain domain administrator...

10CVSS8.6AI score0.99512EPSS
Exploits75References14
CERT
CERT
added 2020/09/15 12:0 a.m.54 views

IPTV encoder devices contain multiple vulnerabilities

Overview Multiple vulnerabilities exist in various Video Over IP Internet Protocol encoder devices, also known as IPTV/H.264/H.265 video encoders. These vulnerabilities allow an unauthenticated remote attacker to execute arbitrary code and perform other unauthorized actions on a vulnerable system...

9.8CVSS9.9AI score0.40302EPSS
Exploits17References5
CERT
CERT
added 2020/09/09 12:0 a.m.232 views

Devices supporting Bluetooth BR/EDR and LE using CTKD are vulnerable to key overwrite

Overview Devices supporting both Bluetooth BR/EDR and LE using Cross-Transport Key Derivation CTKD for pairing are vulnerable to key overwrite, which enables an attacker to to gain additional access to profiles or services that are not restricted by reducing the encryption key strength or...

5.9CVSS6.1AI score0.07137EPSS
Exploits1References3
CERT
CERT
added 2020/08/20 12:0 a.m.63 views

Diebold Nixdorf ProCash 2100xe USB ATM does not adequately secure communications between CCDM and host

Overview Diebold Nixdorf 2100xe USB automated teller machines ATMs are vulnerable to physical attacks on the communication channel between the cash and check deposit module CCDM and the host computer. An attacker with physical access to internal ATM components may be able to exploit this...

7.1CVSS5.8AI score0.00729EPSS
Exploits0References3
CERT
CERT
added 2020/08/20 12:0 a.m.53 views

NCR SelfServ ATM BNA contains multiple vulnerabilities

Overview NCR SelfServ automated teller machines ATMs running APTRA XFS 04.02.01 and 05.01.00 are vulnerable to physical attacks on the communications bus between the host computer and the bunch note accepter BNA. Description NCR ATM SelfServ devices running APTRA XFS 04.02.01 and 05.01.00 contain...

7.6CVSS6.8AI score0.00729EPSS
Exploits0References5
CERT
CERT
added 2020/08/20 12:0 a.m.53 views

NCR SelfServ ATM dispenser software contains multiple vulnerabilities

Overview NCR SelfServ automated teller machines ATMs running APTRA XFS 05.01.00 or older are vulnerable to physical attacks on the communications bus between the currency dispenser component and the host computer. Description NCR SelfServ ATMs running APTRA XFS 05.01.00 or older contain...

7.6CVSS7.1AI score0.00674EPSS
Exploits2References7
CERT
CERT
added 2020/07/29 12:0 a.m.92 views

GRUB2 bootloader is vulnerable to buffer overflow

Overview The GRUB2 boot loader is vulnerable to buffer overflow, which results in arbitrary code execution during the boot process, even when Secure Boot is enabled. Description GRUB2 is a multiboot boot loader that replaced GRUB Legacy in 2012. A boot loader is the first program that runs upon...

8.2CVSS8.6AI score0.01068EPSS
Exploits0References6
CERT
CERT
added 2020/07/08 12:0 a.m.92 views

F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution

Overview F5 BIG-IP provides a Traffic Management User Interface TMUI, also referred to as the Configuration utility, that has multiple vulnerabilities including a remotely exploitable command injection vulnerability that can be used to execute arbitrary commands and subsequently take control of a...

10CVSS10AI score0.99999EPSS
Exploits60References9
CERT
CERT
added 2020/06/26 12:0 a.m.25 views

Netgear httpd upgrade_check.cgi stack buffer overflow

Overview Multiple Netgear devices contain a stack buffer overflow in the httpd web server's handling of upgradecheck.cgi, which may allow for unauthenticated remote code execution with root privileges. Description Many Netgear devices contain an embedded web server, which is provided by the httpd...

9.5AI score
Exploits0References4
CERT
CERT
added 2020/06/16 12:0 a.m.88 views

Treck IP stacks contain multiple vulnerabilities

Overview Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20. Description Treck IP network stack software is designed for and used in a variety of embedded systems. T...

10CVSS8.5AI score0.36965EPSS
Exploits21References4
CERT
CERT
added 2020/06/08 12:0 a.m.123 views

Universal Plug and Play (UPnP) SUBSCRIBE can be abused to send traffic to arbitrary destinations

Overview The Universal Plug and Play UPnP protocol in effect prior to April 17, 2020 can be abused to send traffic to arbitrary destinations using the SUBSCRIBE functionality. Description The UPnP protocol, as specified by the Open Connectivity Foundation OCF, is designed to provide automatic...

7.8CVSS8.1AI score0.15193EPSS
Exploits3References5
CERT
CERT
added 2020/06/02 12:0 a.m.122 views

IP-in-IP protocol routes arbitrary traffic by default

Overview IP Encapsulation within IP RFC2003 IP-in-IP can be abused by an unauthenticated attacker to unexpectedly route arbitrary network traffic through a vulnerable device. Description IP-in-IP encapsulation is a tunneling protocol specified in RFC 2003 that allows for IP packets to be...

5.3CVSS5.3AI score0.28537EPSS
Exploits0References3
CERT
CERT
added 2020/05/26 12:0 a.m.70 views

iOS, iPadOS, tvOS, watchOS, and macOS contain a double-free vulnerability in the XNU kernel lio_listio() function

Overview iOS, iPadOS, tvOS, watchOS, and macOS contain a double-free vulnerability in the GNU kernel's liolistio function, which can allow a malicious application to achieve unsandboxed, kernel-level code execution. Description iOS, iPadOS, tvOS, watchOS, and macOS contain an a double-free...

7.8CVSS7.4AI score0.00829EPSS
Exploits0References7
CERT
CERT
added 2020/05/18 12:0 a.m.76 views

Bluetooth devices supporting LE and specific BR/EDR implementations are vulnerable to method confusion attacks

Overview Bluetooth Low Energy BLE and Basic Rate / Enhanced Data Rate BR/EDR Core Configurations are used for low-power short-range communications. To establish an encrypted connection, two Bluetooth devices must pair with each other using an agreed upon Association Model. It is possible for an...

6.3CVSS6.5AI score0.00658EPSS
Exploits0References3
CERT
CERT
added 2020/05/18 12:0 a.m.67 views

Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks

Overview Bluetooth Basic Rate / Enhanced Data Rate BR/EDR Core Configurations are used for low-power short-range communications. To establish an encrypted connection, two Bluetooth devices must pair with each other using a link key. It is possible for an unauthenticated, adjacent attacker to...

5.4CVSS6.9AI score0.02386EPSS
Exploits2References7
CERT
CERT
added 2020/05/14 12:0 a.m.54 views

Samsung Qmage codec for Android Skia library does not properly validate image files

Overview The Samsung Qmage codec used in the Android Skia library does not properly validate image files. A number of memory corruption vulnerabilities allow an attacker to execute arbitrary code by causing a vulnerable system to parse a Qmage file. Description The Samsung May 2020 Android Securi...

10CVSS9.8AI score0.05711EPSS
Exploits2References3
CERT
CERT
added 2020/04/06 12:0 a.m.30 views

Periscope BuySpeed is vulnerable to stored cross-site scripting

Overview Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which may allow a local, authenticated attacker to execute arbitrary JavaScript. Description Periscope BuySpeed is a "tool to automate the full procure-to-pay process efficiently and intelligently". BuySpeed...

5.4CVSS5.1AI score0.00639EPSS
Exploits0References6
Total number of security vulnerabilities3702