This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords....
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling...
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User interaction is required to exploit this vulnerability in...
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. Date published : 2020-02-21 https://github.com/Cacti/cacti/issues/3285 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XEMDQXDRNQYXOME7TACKDVCXZXZNGZE2/
In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections. Date published : 2020-02-21 Home JetBrains Security Bulletin Q4 2019
D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. Date published : 2020-02-21 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10152 https://gist.github.com/jezzaaa/9d704400a7e23f988dfb4f73658678b8
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. Date published : 2020-02-21 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10152 https://gist.github.com/jezzaaa/38c752d0a129576b2cc523ce6325050f
Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. Date published : 2020-02-21 https://jpn.nec.com/security-info/secinfo/nv20-003.html https://jvn.jp/en/jp/JVN49410695/index.html
Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2020-02-21 https://jpn.nec.com/security-info/secinfo/nv20-003.html https://jvn.jp/en/jp/JVN49410695/index.html
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands...
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with...
Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized...
Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this...
fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. Date published : 2020-02-20 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0499680a42141d86417a8fbaa8c8db806bea1201 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2ef990ab5a6705a356d146dd773a3b359787497