CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 2CVE-2019-18199 – Fujitsu Wireless Keyboard Set LX390 Replay Attacks
https://notcve.org/view.php?id=CVE-2019-18199
23 Oct 2019 — An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks. Se detectó un problema en los dispositivos Fujitsu Wireless Keyboard Set LX390 GK381. Debido a la falta de cifrado apropiado de la comunicación de 2.4 GHz, y debido a la autenticación basada en contraseña, son vulnerables a los ataques de repetición. SySS GmbH found out that the wi... • http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2019-18200 – Fujitsu Wireless Keyboard Set LX390 Keystroke Injection
https://notcve.org/view.php?id=CVE-2019-18200
23 Oct 2019 — An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, they are prone to keystroke injection attacks. Se detectó un problema en los dispositivos Fujitsu Wireless Keyboard Set LX390 GK381. Debido a la falta de cifrado apropiado de la comunicación de 2.4 GHz, son propensos a ataques de inyección de pulsaciones de teclas (keystroke). SySS GmbH found out that the wireless desktop set Fujitsu LX390 is vulnerable to keystrok... • http://packetstormsecurity.com/files/154956/Fujitsu-Wireless-Keyboard-Set-LX390-Keystroke-Injection.html •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2019-18201 – Fujitsu Wireless Keyboard Set LX390 Missing Encryption
https://notcve.org/view.php?id=CVE-2019-18201
23 Oct 2019 — An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, an attacker is able to eavesdrop on sensitive data such as passwords. Se detectó un problema en los dispositivos Fujitsu Wireless Keyboard Set LX390 GK381. Debido a la falta de cifrado apropiado de la comunicación de 2.4 GHz, un atacante es capaz de espiar datos confidenciales tales como contraseñas. SySS GmbH found out that the wireless desktop set Fujitsu LX390 d... • http://packetstormsecurity.com/files/154955/Fujitsu-Wireless-Keyboard-Set-LX390-Missing-Encryption.html • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 4.2EPSS: 0%CPEs: 16EXPL: 0CVE-2019-12762
https://notcve.org/view.php?id=CVE-2019-12762
06 Jun 2019 — Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. Los dispositivos Xiaomi Mi 5s Plus permiten a los atacantes desencadenar anomalías de la pantalla táctil a través de una señal de radio entre 198 kHz y 203 kHz, como lo demuestra un transmisor y una antena ocultos justo debajo de la superficie de una mesa de cafetería, t... • https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps •
CVSS: 7.8EPSS: 4%CPEs: 1EXPL: 4CVE-2018-16156 – PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-16156
17 May 2019 — In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString. The default install does not contain this library and therefore if any DLL with that name exists in any directory listed in the PATH variable, it can be used ... • https://packetstorm.news/files/id/160832 • CWE-426: Untrusted Search Path •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 1CVE-2019-9835
https://notcve.org/view.php?id=CVE-2019-9835
15 Mar 2019 — The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption. El componente del recibidor (también conocido como bridge) de los dispositivos Fujitsu Wireless Keyboard Set LX901 y GK900 permite la inyección de pulsaciones de tecla. Esto ocurre porque acepta paquetes de 2.4 GHz sin cifrar, incluso aunque todas las comunicaciones legíti... • http://www.securityfocus.com/bid/107440 •
CVSS: 6.8EPSS: 8%CPEs: 51EXPL: 0CVE-2019-6109 – openssh: Missing character encoding in progress display allows for spoofing of scp client output
https://notcve.org/view.php?id=CVE-2019-6109
16 Jan 2019 — An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. Se ha descubierto un problema en OpenSSH 7.9. Debido a la falta de cifrado de caracteres en la pantalla de progreso, un servidor malicioso (o atacante Man-in-the... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html • CWE-116: Improper Encoding or Escaping of Output CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 5.9EPSS: 56%CPEs: 55EXPL: 6CVE-2019-6111 – OpenSSH SCP Client - Write Arbitrary Files
https://notcve.org/view.php?id=CVE-2019-6111
16 Jan 2019 — An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well... • https://packetstorm.news/files/id/151227 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 3%CPEs: 56EXPL: 0CVE-2018-20685 – openssh: scp client improper directory name validation
https://notcve.org/view.php?id=CVE-2018-20685
10 Jan 2019 — In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. En OpenSSH 7.9, scp.c en el cliente scp permite que los servidores SSH omitan las restricciones de acceso planeadas mediante un nombre de archivo "." o un nombre de archivo vacío. El impacto consiste en modificar los permisos del directorio objetivo en el lado del cliente. Many ... • http://www.securityfocus.com/bid/106531 • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •
CVSS: 5.9EPSS: 0%CPEs: 1095EXPL: 0CVE-2018-3693 – Kernel: speculative bounds check bypass store
https://notcve.org/view.php?id=CVE-2018-3693
10 Jul 2018 — Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. Los sistemas con microprocesadores que emplean la ejecución especulativa y la predicción de ramas podría permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un desbordamiento de búfer especulativo y el análisis de canal lateral. ... • https://access.redhat.com/errata/RHSA-2018:2384 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •