
CVSS: 8.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system. • https://www.dell.com/support/kbdoc/en-us/000186134/dsa-2021-096-dell-wyse-windows-embedded-system-security-update-for-an-improper-authorization-vulnerability • CWE-863: Incorrect Authorization

CVSS: 10.0 | EPSS: 68% | CPEs: 3 | EXPL: 1

Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information. • https://www.exploit-db.com/exploits/5563 http://secunia.com/advisories/30147 http://www.securityfocus.com/bid/29111 http://www.vupen.com/english/advisories/2008/1468/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42298 http://downloads.securityfocus.com/vulnerabilities/exploits/29111.pl • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.0 | EPSS: 11% | CPEs: 3 | EXPL: 0

Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter drivers before 5.3.0.35, and 6.x before 6.0.3.67, on Windows allows remote attackers to cause a denial of service via a crafted 802.11 management frame. • http://osvdb.org/37992 http://secunia.com/advisories/26348 http://www.kb.cert.org/vuls/id/730169 http://www.securityfocus.com/bid/25160 http://www.vupen.com/english/advisories/2007/2756 https://exchange.xforce.ibmcloud.com/vulnerabilities/35788

CVSS: 7.8 | EPSS: 7% | CPEs: 2 | EXPL: 1

TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP port 14534. • https://www.exploit-db.com/exploits/4205 http://osvdb.org/38595 http://secunia.com/advisories/26141 http://www.securityfocus.com/bid/24977 https://exchange.xforce.ibmcloud.com/vulnerabilities/35518

CVSS: 7.8 | EPSS: 4% | CPEs: 7 | EXPL: 0

Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache. • http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html http://osvdb.org/38095 http://secunia.com/advisories/25964 http://securityreason.com/securityalert/2875 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos http://www.securityfocus.com/archive/1/472890/100/0/threaded http://www.securityfocus.com/bid/24774 http://www.securitytracker.com/id?1018336 http://www.vupen.com/english/advisories/2007/2450 https://exchange.xforce.ibmc