| CVE | Vendors | Products | Updated | CVSS v3.1 |
| An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or man-in-the-middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111. |
| In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. |
| Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website. |
| Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session and bypass authentication. |
| Optergy Proton/Enterprise devices have Hard-coded Credentials. |
| Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service. |
| Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure. |
| Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console. |
| Optergy Proton/Enterprise devices allow Open Redirect. |
| Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. |
| Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF). |
| Optergy Proton/Enterprise devices allow Username Disclosure. |
| Nortek Linear eMerge 50P/5000P devices have Default Credentials. |
| Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF). |
| Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution. |
| Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. |
| Linear eMerge 50P/5000P devices allow Cookie Path Traversal. |
| Linear eMerge 50P/5000P devices allow Authentication Bypass. |
| Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH). |
| Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform. |