Security
Headlines
HeadlinesLatestCVEs

Tag

#telnet

CVE-2020-27733: List of bug fixes and feature enhancements

Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.

CVE
Open in Source
#sql#xss#csrf#vulnerability#web#ios#android#mac#windows#apple#google#microsoft#amazon#ubuntu#linux#apache#redis#memcached#nodejs#js#git#java#oracle#kubernetes#intel#php#rce#perl#ldap#nginx#pdf#vmware#aws#log4j#oauth#auth#ssh#telnet#ibm#dell#ruby#mongo#postgres#docker#chrome#firefox#sap#ssl
CVE-2020-13528: TALOS-2020-1136 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability.

CVE-2020-13527: TALOS-2020-1135 || Cisco Talos Intelligence Group

An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2020-26201: Askey Computer Corp. (亞旭電腦)

Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.

CVE-2020-3404: Cisco Security Advisory: Cisco IOS XE Software Consent Token Bypass Vulnerability

A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the persistent Telnet/SSH CLI on an affected device and requesting shell access. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS with root privileges.

CVE-2018-20432: COVR 3902 1.01B0 Hardcoded Credentials ≈ Packet Storm

D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.

CVE-2020-4067: coturn/ChangeLog at aab60340b201d55c007bcdc853230f47aa2dfdf1 · coturn/coturn

In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.

CVE-2020-14002: PuTTY Change Log

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).