Search Results (Refine Search)

Search Parameters:
There are 153,801 matching records.
Displaying matches 281 through 300.
Vuln ID Summary CVSS Severity
CVE-2021-32604

SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter.

Published: May 11, 2021; 7:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-20313

A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

Published: May 11, 2021; 7:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-20312

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Published: May 11, 2021; 7:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-20311

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Published: May 11, 2021; 7:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-20310

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Published: May 11, 2021; 7:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-20309

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Published: May 11, 2021; 7:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-32089

** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information disclosure and code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Published: May 11, 2021; 5:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-26147

An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.

Published: May 11, 2021; 4:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-26146

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.

Published: May 11, 2021; 4:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-26145

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.

Published: May 11, 2021; 4:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-26144

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.

Published: May 11, 2021; 4:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-26143

An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.

Published: May 11, 2021; 4:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-26142

An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.

Published: May 11, 2021; 4:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-26141

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.

Published: May 11, 2021; 4:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-26140

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.

Published: May 11, 2021; 4:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-26139

An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.

Published: May 11, 2021; 4:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-24588

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

Published: May 11, 2021; 4:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-24587

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.

Published: May 11, 2021; 4:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-24586

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

Published: May 11, 2021; 4:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-31936

Microsoft Accessibility Insights for Web Information Disclosure Vulnerability

Published: May 11, 2021; 3:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)