| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list. |
| Alibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack. |
| IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. |
| Denial of service in HP-UX SharedX recserv program. |
| KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. |
| FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system. |
| Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP. |
| The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file. |
| The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack. |
| The SSH authentication agent follows symlinks via a UNIX domain socket. |
| The ARP protocol allows any host to spoof ARP replies and poison the ARP cache to conduct IP address spoofing or a denial of service. |
| WinGate is being used. |
| The OS/2 or POSIX subsystem in NT is enabled. |
| A component service related to NIS+ is running. |
| An account on a router, firewall, or other network device has a default, null, blank, or missing password. |
| Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. |
| An SNMP community name is guessable. |
| UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target. |
| An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv. |
| A NETBIOS/SMB share password is the default, null, or missing. |